The attack was carried out with flash loans and manipulating the price of AVAX tokens

Nereus Finance platform lost 370 000 USDC in an exploit

08.09.2022 - 08:15


2 min

What’s new? On September 7, Nereus Finance, a decentralized platform, was hacked, causing hackers to withdraw $370 000 in USD Coin (USDC) stablecoins. According to cybersecurity firm CertiK, the attackers carried out the attack with a flash loan.

What else is known about the incident? Hackers managed to steal funds by manipulating the price of AVAX tokens on Nereus. The attack took place through arbitrage trades, using 51 million USDC borrowed. The attackers then transferred tokens from the Avalanche blockchain to the Ethereum blockchain.

The Nereus team confirmed the attack and is currently investigating. According to the platform’s representatives, the incident affected only one market and the protocol as a whole remained over-collateralized.

Nereus Finance is a non-custodial lending protocol running on the Avalanche blockchain. The total value locked (TVL) is $13,19 million (DefiLlama’s data as of September 8). The platform passed a security audit performed by Ambisafe.

Earlier, the FBI issued a warning to investors about vulnerabilities in DeFi platforms. Representatives of the bureau called three of the most popular types of attacks on such projects, including initiating flash loans, exploiting signature verification vulnerabilities in bridges between networks, and manipulating the price oracle.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy