Decentralized exchange WOOFi lost $8 million in an exploit
The project’s team offered the hacker a reward of 10% of the stolen amount for returning the rest of the funds
06.03.2024 - 08:05
73
3 min
0
What’s new? Decentralized crypto exchange (DEX) WOOFi has lost $8 million as a result of an exploit. According to experts at blockchain audit firm PeckShield, a hacker manipulated the price of the WOO token to empty the WooPPPV2 pool contract. As a result, he transferred around 2000 ETH coins to a controlled address. Due to the incident, the project’s team suspended the contract and urged users to revoke permissions to interact with it to avoid losing funds.
What else is known? WOOFi explained that one of the exchange oracles on the Arbitrum network was exposed to an instant loan/flashloan exploit. This allowed the hacker to manipulate the WOO price and repay the flashloan at a lower price. As a result, the asset’s exchange rate momentarily collapsed by 19% to $0,481, but had partially recovered to $0,5389 by the time of writing.
As part of a decentralized financial system, the flashloan feature allows borrowing assets without collateral, provided they are repaid within a single block of transactions. However, the vulnerabilities of this mechanism allow market prices to be manipulated. For example, by borrowing large amounts of funds, an attacker can artificially create market conditions that allow them to capitalize on price discrepancies before the loan is repaid.
The WOOFi team said that pool-related contracts have been suspended and users’ assets in other WOO contracts as well as Earn vaults and WOOFi stake services are safe.
The developers intend to restore full exchange functionality within the next two weeks, “This is the first time an incident like this has happened to us, and we want to make sure it doesn't happen again.”
They have already contacted the hacker and offered him 10% of the stolen amount in exchange for returning the rest of the funds. Arkham Intelligence, an analytics platform, has also set up a reward for users who can provide information about the hacker’s wallets.
In February, one of the wallets of the Serenity Shield blockchain storage platform team was hacked. $5,66 million worth of SERSH native tokens were withdrawn from it, causing the asset’s exchange rate to collapse by 99%.
Crypto gaming platform PlayDapp loses $290 million in a hack
Experts speculate that this was the result of a compromised private key
DEX FixedFloat previously lost $26 million in bitcoin and Ethereum.
Useful material?
Market
Funds can be seized by law enforcers due to links to illegal activity
Apr 26, 2024
Market
Tether Finance division will be responsible for the issuance and redemption of USDT stablecoins
Apr 18, 2024
Trends
The first project introduced on the platform will be BounceBit (BB)
Apr 18, 2024
Business
The rate exchange of the native ACH token reacted with a 10% increase
Apr 18, 2024
Market
Miners are hunting for the first block after halving as the value of the first satoshi could exceed $1 million
Apr 18, 2024
Market
The platform will be non-custodial and accessible to everyone
Apr 15, 2024