Victor Ugochukwu · Dec 14, 2020 . 5min read
DeFi protocol Akropolis hacked, loses $2M in DAI
DeFi platform Akropolis lost $2M in DAI in a hack via re-entrancy attack using a flash loan from derivatives platform dYdX.
By Komal Joshi · Nov 13, 2020 . 6min read
It appears that more and more DeFi yield farming projects are vulnerable to exploits and hacks. Decentralized finance (DeFi) protocol Akropolis lost $2M in DAI in a venture on Thursday morning. It is the latest DeFi project to be hacked through flash loans. For the uninformed, Akropolis is a DeFi lending and savings service provider that allows users to take out loans and earn yield on cryptocurrency deposits. The savings portion of the service, which uses Curve protocol, underwent exploitation in the attack. The hack includes the yUSD and sUSD Curve pools.
Various pools in the project’s Delphi Savings pool for yield farming were emptied of over 2 million DAI, worth approximately $2 million. The hacker didn’t hold the stolen funds for a long time. The hacker quickly transferred the stolen funds to another wallet. Flash loans enable users to obtain funds directly. However, repayment should be on one transaction block, indicating users can take the support of uncollateralized loans.
Akropolis funds exploited via unification of re-entrancy attack and dYdX flash loan.
Conversing about the Akropolis attack, a combination of a re-entrancy attack and dYdX flash loan origination misused the savings pools. Akropolis states that the two firms carried on the audit of the pools. However, identification of the attack vectors was not possible in either audit.
According to Akropolis, the maximum funds on the protocol are safe. It includes Compound DAI, Compound USDC, AAVE bUSD, AAVE sUSD, Curve bUSD, and Curve sBTC. Innate AKRO and ADEL staking pools were also intact. However, all stablecoin pools were halted. Additionally, it has informed the exchanges about the hack.
Akropolis founder and CEO Ana Andrianova claim that the attack was similar to another DeFi protocol Harvest Finance. In October, hackers stole more than $24 million from the platform’s pool to swap it for renBTC. The economic attack had targeted the DeFi protocol’s stablecoin and BTC pools. However, it collaborated with Ren Protocol and identified the bitcoin addresses. The Akropolis team is in conversation with security experts as it examines its growth and security processes for the coming judgment. Earlier in the year, bZx’s margin-trading platform was the scapegoat of a $350,000 exploit.
Follow Cryptodose for more updates.