🔥 Burn Fat Fast. Discover How! 💪

​​Avalanche flash loan exploit sees $371K in USDC stolen. The | NFT / BTC / DEFI News 📣

​​Avalanche flash loan exploit sees $371K in USDC stolen.

The scammer deployed a custom smart contract, leveraging a $51 million flash loan to manipulate the AVAX/USDC Trader Joe LP pool price for a single block.

Avalanche-based lending protocol Nereus Finance has been the victim of a crafty hack that saw a user net $371,000 worth of USD Coin (USDC) using a smart contract exploit.

Blockchain cybersecurity firm CertiK was one of the first to detect the exploit on Tuesday, indicating that the attack impacted liquidity pools on Nereus relating to decentralized exchange (DEX) Trader Joe and automated market maker Curve Finance.

CertiK also suggested that underlying protocols themselves were impacted. However, Curve Finance responded via Twitter on Wednesday, stating “maybe you meant ‘assets impacted,’ not ‘protocols impacted’. Only nereusfinance and its assets seem impacted.”

On Wednesday, Nereus Finance released a detailed post-mortem of the incident explaining an “exploiter” was able to deploy a custom smart contract that utilized a $51 million flash loan from Aave to artificially manipulate the Avalanche (AVAX)USDC Trader Joe LP (JLP) pool price for a single block.

As a result, the anonymous hacker was able to mint 998,000 worth of Nereus’ native token NXUSD against $508,000 worth of collateral. They then swapped this capital into different assets via various liquidity pools and managed to walk away with a net profit of $371,406 once the flash loan was returned.

The incident ended with to the creation of $500,000 of NXUSD “bad debt” in the NXUSD protocol.

The Nereus team says it was quick to remedy the situation. After consulting security experts, developing a mitigation plan and notifying law enforcement, they liquidated and paused the exploited JLP market.

The bad debt was reportedly paid off using NXUSD from the team’s treasury.

According to Nereus, the exploit resulted from a “missed step” in the price calculation, resulting in the opportunity to be exploited. However, it stressed that “no users funds are at risk, and NXUSD continues to be over collateralized,” and the “Lending and Borrowing protocol was not affected by this exploit.”
Next Message
telegram-crypto.com © 2016-2024
Non official site about Telegram
All rights reserved. Copying and using of full materials is prohibited, partial quoting is possible only with a hyperlink to the site telegram-crypto.com.