Warp Finance loses $8 million due to a flash loan attack


Vulnerabilities in flash loan systems cannot be detected by smart contract audits as they exploit the design of the system
Decentralised finance (DeFi) lending protocol Warp Finance has admitted to a flash loan attack which has resulted in the loss of as much as $8 million in digital assets. The latest attack follows a series of flash loans incidents that have exploited vulnerabilities in DeFi protocols. A total of four such attacks were reported in a single week last month.
A flash loan typically refers to the practice of borrowing loans in the form of crypto collateral and repaying it within the same transaction. Though flash loans are considered a significant tool for improving DeFi market efficiency, smart contract audits such as the one conducted for Warp by Hacken, do not protect against flash loans as they exploit the design of the system.
Launched in early November this year, Warp Finance is aimed at enabling users to deposit liquidity provider tokens from other protocols and receive stablecoin loans in exchange. The platform is facing a loss of somewhere between $1 million to $8 million due to the attack.
Acknowledging the incident, Warp tweeted “We are investigating irregular stablecoin loans taken out in the last hour. We recommend that you do not deposit anymore stablecoins until we have clarity on the irregularities”. One of the users soon responded to the notice claiming to have lost 40,000 DAI.
DeFi analysis portal DeFi Prime then took notice of the irregular transaction and announced the flash loan attack and the possible loss suffered by Warp on Twitter. White Hat hackers are presently investigating the spurious transactions that led to the incursion.
Emiliano Bonassi, the co-founder of the Marqet Exchange delved into the process behind the attack by saying, “This is the second attack which uses multiple flash liquidity, flash swaps via Uniswap and flash loans via dYdX”.
He further explained that the attackers asked for three wrapped Ether loans via flash swaps to three different pools on Uniswap and two more on the dYdX trading platform. These funds were used to mint WETH/DAI liquidity pool tokens which were then used as collateral on Warp Finance to clear out the USDC and DAI vaults.
Warp Finance appears to be the latest casualty in the list of several protocols including bZX, Balancer, Origin Protocol, Akropolis and Harvest Finance who have all been the victims of flash loan exploitation by crypto thieves.
The incident highlights the already pressing failure to completely understanding the risks behind flash loans and points out to the need for developing effective mitigation strategies to prevent such hacks in future.
Keep updated with our round the clock and in-depth cryptocurrency news.
Unsub anytime
No SPAM ever!
After signing up, you may also receive occasional special offers from us via email. We will never sell or distribute your data to any third parties. View our privacy policy here.
Please be aware that some of the links on this site will direct you to the websites of third parties, some of whom are marketing affiliates and/or business partners of this site and/or its owners, operators and affiliates. We may receive financial compensation from these third parties. Notwithstanding any such relationship, no responsibility is accepted for the conduct of any third party nor the content or functionality of their websites or applications. A hyperlink to or positive reference to or review of a broker or exchange should not be understood to be an endorsement of that broker or exchange’s products or services.
Risk Warning: Investing in digital currencies, stocks, shares and other securities, commodities, currencies and other derivative investment products (e.g. contracts for difference (“CFDs”) is speculative and carries a high level of risk. Each investment is unique and involves unique risks.
CFDs and other derivatives are complex instruments and come with a high risk of losing money rapidly due to leverage. You should consider whether you understand how an investment works and whether you can afford to take the high risk of losing your money.
Cryptocurrencies can fluctuate widely in prices and are, therefore, not appropriate for all investors. Trading cryptocurrencies is not supervised by any EU regulatory framework. Past performance does not guarantee future results. Any trading history presented is less than 5 years old unless otherwise stated and may not suffice as a basis for investment decisions. Your capital is at risk.
When trading in stocks your capital is at risk.
Past performance is not an indication of future results. Trading history presented is less than 5 years old unless otherwise stated and may not suffice as a basis for investment decisions. Prices may go down as well as up, prices can fluctuate widely, you may be exposed to currency exchange rate fluctuations and you may lose all of or more than the amount you invest. Investing is not suitable for everyone; ensure that you have fully understood the risks and legalities involved. If you are unsure, seek independent financial, legal, tax and/or accounting advice. This website does not provide investment, financial, legal, tax or accounting advice. Some links are affiliate links. For more information please read our full risk warning and disclaimer.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Total cryptocurrency market cap touches $2 trillion again

Next Post

US SEC approves Volt Equity’s crypto stock ETF

Related Posts