An attacker took advantage of a vulnerability in a smart contract and withdrew money through the instant loans feature

​DeFi protocol OneRing Finance lost $2 million in hack

22.03.2022 - 12:30

218

2 min

What’s new? OneRing Finance, a multichain protocol, has suffered a hack that resulted in the loss of about $2 million. The developers of the project reported on Twitter that the hacker exploited a loophole in the smart contracts and withdrew USDT stablecoins through the instant loans feature.

Source: Twitter.com

Details of the hack. The experts from the cybersecurity company PeckShield were able to trace the steps of the hack. According to them, the attacker placed a smart contract on the Fantom platform and configured a script to self-destruct, making it difficult to determine which protocol vulnerability he was exploiting.

Source: Twitter.com

Using the instant loans feature, the hacker received 80 million USDT, which he used to manipulate the OShare token. After repaying the loan, his profit was about $1,5 million. The attacker then withdrew the funds to Ethereum and ran them through the Tornado Cash mixer.

What do the developers say about the incident? The OneRing Finance team stated that only the OShare liquidity pool was affected and the remaining funds are safe. The project has suspended all operations related to the vault. The developers also offered the hacker 15% of the stolen funds and 1 million native RING tokens for returning the rest and disclosing the vulnerability.

Author:

Vasiliy Smirnov Vasiliy Smirnov

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy