FloorDAO, an NFT-Fi liquidity layer, has fallen victim to a major exploit, losing around 40 WETH, valued at around $65,000, to hackers.
The breach is yet another hack impacting the crypto space and highlights the constant risk faced by the ecosystem.
Yet Another Exploit Hits DeFi
The FloorDAO breach has rattled an already wary decentralized finance (DeFi) community and has once again put the focus on vulnerabilities in the larger DeFi ecosystem. FloorDAO warned users about the exploit in a post on X, stating that it was caused by a user exploiting a backlog of FLOOR rebases. This allowed the user to steal around 40 WETH (Wrapped ETH) from FloorDAO’s FLOOR/WETH Protocol Owned Liquidity (POL).
The post also added that FloorDAO would soon be conducting a full investigation into the exploit.
“Earlier today, a user exploited a backlog of FLOOR rebases, exiting with approximately 40 WETH from the DAO’s FLOOR/WETH Protocol Owned Liquidity (POL). The exploit was amplified by a small bug in the way that rebases were calculated. A full post-mortem will follow.”
In a follow-up post, FloorDAO stated that the Floor treasury had completed the first redeployment of the Protocol Owned Liquidity.
“The Floor treasury has completed the first redeployment of Protocol Owned Liquidity (POL) with more to come.”
Hackers Quick To Move Stolen Funds
The hackers swiftly moved the stolen funds, eventually routing them to Tornado Cash, a hugely popular privacy-focused Ethereum mixer. This added an extra layer of obscurity to the stolen funds, making it significantly more challenging for FloorDAO or any authorities to trace and recover them.
Hacks On The Rise
The hack is the latest in a long line of exploits that have hit the crypto space this year. According to data from blockchain security firm PeckShieldAlert, August alone has seen a staggering 20 exploits. This has led to just over $17 million being lost by major DeFi projects to hackers. PeckShieldAlert has also revealed that as of 31st August 2023, around 2,458.3 ETH and 213.5 Binance Coin (BNB) have been moved into Tornado Cash, raising concerns about the mixer’s role in the anonymizing of stolen assets. Just a day ago, the highly popular crypto betting platform Stake also fell victim to an exploit, with hackers managing to steal over $40 million. Many in the crypto space have speculated that the attack could be linked to North Korea.
Previous DeFi Hacks
The decentralized finance (DeFi) ecosystem is a major target for hackers and bad actors, with several significant hacks in 2023 alone. In May, Arbitrum-based Jimbos Protocol fell victim to a major exploit, with a hacker stealing a significant amount of funds. The hack targeted Version 2 of the protocol and saw the hacker make off with $7.3 million.
Another protocol targeted by hackers was the 0VIX protocol. 0VIX suffered a flash loan attack, leading to hackers siphoning away $2 million from the protocol. In fact, even Tornado Cash has fallen victim to hackers, as unknown hackers were able to compromise the protocol and access a large number of TORN tokens. This incident led to significant losses for the mixing protocol. August also saw the DeFi app Steadefi fall victim to an exploit. The decentralized finance app posted on X that it was hit by an exploit of at least $334,000. The protocol also stated that the attack had put all funds at risk, as they could become irrecoverable.
Other DeFi and crypto platforms impacted by the DeFi hacking epidemic include LeetSwap, CoinsPaid, Voyager, and even Tether. CoinsPaid fell victim to a hack orchestrated by the dreaded Lazarus Group. LeetSwap had to suspend all trading activity due to fears of a potential exploit. Voyager also suffered a significant exploit, which occurred in the middle of its court-supervised recovery process. Tether was also targeted when a scammer stole $20 million worth of USDT by orchestrating a zero-transfer phishing attack.