The project’s team offered the hacker a reward of 10% of the stolen amount for returning the rest of the funds

Decentralized exchange WOOFi lost $8 million in an exploit

06.03.2024 - 08:05


3 min

What’s new? Decentralized crypto exchange (DEX) WOOFi has lost $8 million as a result of an exploit. According to experts at blockchain audit firm PeckShield, a hacker manipulated the price of the WOO token to empty the WooPPPV2 pool contract. As a result, he transferred around 2000 ETH coins to a controlled address. Due to the incident, the project’s team suspended the contract and urged users to revoke permissions to interact with it to avoid losing funds.


What else is known? WOOFi explained that one of the exchange oracles on the Arbitrum network was exposed to an instant loan/flashloan exploit. This allowed the hacker to manipulate the WOO price and repay the flashloan at a lower price. As a result, the asset’s exchange rate momentarily collapsed by 19% to $0,481, but had partially recovered to $0,5389 by the time of writing.

As part of a decentralized financial system, the flashloan feature allows borrowing assets without collateral, provided they are repaid within a single block of transactions. However, the vulnerabilities of this mechanism allow market prices to be manipulated. For example, by borrowing large amounts of funds, an attacker can artificially create market conditions that allow them to capitalize on price discrepancies before the loan is repaid.

The WOOFi team said that pool-related contracts have been suspended and users’ assets in other WOO contracts as well as Earn vaults and WOOFi stake services are safe.

The developers intend to restore full exchange functionality within the next two weeks, “This is the first time an incident like this has happened to us, and we want to make sure it doesn't happen again.”


They have already contacted the hacker and offered him 10% of the stolen amount in exchange for returning the rest of the funds. Arkham Intelligence, an analytics platform, has also set up a reward for users who can provide information about the hacker’s wallets.

In February, one of the wallets of the Serenity Shield blockchain storage platform team was hacked. $5,66 million worth of SERSH native tokens were withdrawn from it, causing the asset’s exchange rate to collapse by 99%.

Crypto gaming platform PlayDapp loses $290 million in a hack

Crypto gaming platform PlayDapp loses $290 million in a hack

Experts speculate that this was the result of a compromised private key

Read more

DEX FixedFloat previously lost $26 million in bitcoin and Ethereum.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy