The popularity of flash loans has increased enormously recently. But not only conscientious investors, black sheep also make use of the concept. The relatively young DeFi platform Warp Finance had to find out about this.
The DeFi lending protocol Warp Finance has suffered a flash loan attack , according to its recent tweets . The loss of digital assets could therefore amount to as much as $ 8 million. Warp Finance is a new DeFi platform that was launched in early November. It enables its users to deposit liquidity provider (LP) tokens from other protocols and receive stablecoin loans in return.
In a Friday morning Twitter post, Warp Finance wrote:
The attacker was able to remove USD 7.7 million in stablecoins. Our team has a plan to recover approximately $ 5.5 million that is still in the security vault. After successful recovery, these are distributed to users who have suffered a loss.
The current attack follows a series of flash loans that exploited vulnerabilities in the Warp Finance protocol. The DeFi analysis portal DeFi Prime has also responded to the irregularities in the current casepointed out and linked to the suspicious transaction. For the time being, users shouldn’t put any more stablecoins in their depot, Warp Finance continues. They will work flat out to clear up the incident. To do this, white hat hackers investigate the suspicious transaction that made up the attack.
Flash loans are quite vulnerable to attacks
The co-founder of Marqet Exchange, Emiliano Bonassi , also analyzed the incident. He comes to the conclusion that the attacker applied for three ether loans (wrapped loans) via flash swaps to three different pools on Uniswap and two more on the dYdX trading platform. The funds were then used to mint WETH / DAI liquidity pool (LP) tokens. The attacker then used this as security on Warp Finance in order to lighten the USDC and DAI safes by a considerable amount.
This is a typical procedure with which attackers exploit the security gaps in DeFi protocols via a flash loan . The current example shows that smart contract checks, such as the one hacked for Warp, do not necessarily protect against them because they use the system’s architecture to their advantage.
The dangers posed by flash loans have not only been known since the most recent attacks, which prior to Warp Finance included bZX, Balancer, Origin Protocol, Akropolis and Harvest Finance. One possible solution could, for example, be to find dynamically adjustable transaction limits in case of doubt. This would at least limit the damage.