Warp Finance recently experienced a flash loan attack resulting in the loss of as much as $8 million in digital assets from the DeFi lending protocol.
According to DeFi Prime, the culprit made off with about $1 million to as much as $8 million, the exact amount of which is unconfirmed. The losses follow a series of flash loans in the Warp Finance protocol that have had its technical vulnerabilities exploited.
Warp Finance was revealed in early November as a new DeFi network that allows users to deposit liquidity provider (LP) tokens from other protocols and receive stablecoin loans in return. Aside from this the Warp Finance team had no information at the time of writing:
“In the last hour, we are investigating irregular stablecoin loans taken out, we recommend that you no longer deposit stablecoins until the irregularities are clear.”
The spurious transactions that led to the incursion are explored by white hat hackers. Emiliano Bonassi, the co-founder of the Marqet Exchange, has been delving into what has happened.
“This is the second attack that utilizes multiple flash liquidity, Uniswap flash swaps and dYdX flash loans.”
He added that three wrapped Ether loans via flash swaps were requested by the attacker to three separate pools on Uniswap and two more on the dYdX trading platform. In order to clean out its USDC and DAI vaults, the funds were then used to mint WETH/DAI liquidity pool (LP) tokens that were used as collateral for Warp Financing.
In the same deal, the HA flash loan is when crypto collateral is lent and repaid. Smart contract audits, such as the one carried out by Hacken for Warp, do not generally defend against them since they exploit the system’s architecture.
This year with many protocols including bZX, Balancer, Origin Protocol, Akropolis, and Harvest Finance all falling prey, these attacks have been the weapon of choice for crypto thefts from DeFi protocols. Warp Finance seems to be the new casualty.