[ad_1]
- WOOFi has released a post-mortem report confirming an $8.75 million exploit on its lending market on Arbitrum.
- The decentralized exchange has offered a 10% whitehat bounty to the attacker.
Decentralized exchange WOOFi suffered an $8.75 million exploit that targeted its lending market on Arbitrum, according to a report the platform released on Wednesday.
In a post-mortem report, the WOOFi team noted that the attacker manipulated its Synthetic Proactive Market Making (sPMM) algorithm.
After pausing the manipulated contracts, an investigation into the attack revealed the hacker carried out a series of flash loan attacks, starting at around 15:49 UTC on March 5.
“The exploit consisted of a sequence of flash loans that took advantage of low liquidity to manipulate the price of WOO in order to repay the flash loans at a cheaper price,” the team noted.
During the attack, the exploiter borrowed approximately 7.7 million WOO tokens as well as other cryptocurrencies. They then sold these tokens into WOOFi, causing the sPMM to incorrectly adjust WOO token’s price to near zero.
With the anomalous pricing in place, the attacker proceeded to quickly swap out 10 million WOO three times.
While various blockchain security platforms, including PeckShield, Chainalysis, Hypernative, and Wintermute swiftly picked up the exploit, the attacker had already made off with $8.75 million in profits.
WOOFi offers 10% whitehat bounty
WOOFi is offering an 10% whitehat bounty to the attacker as efforts to recover the funds continue. The platform has also initiated bounty on Arkham Intelligence.
Meanwhile, the exchange says its WOOFi Pro, Stake, and Earn services were not affected and remain “fully operational.”
The WOOFi team posted on X:
3/ We have already initiated efforts to retrieve these funds, with a 10% whitehat bounty extended to the exploiter. Additionally, a bounty has been placed on @ArkhamIntel for anyone who can provide additional information.https://t.co/oSG0CQa4oP
— WOOFi (@_WOOFi) March 5, 2024
WOO price fell sharply after the attack, from around $0.59 to lows of $0.48. The token’s value changed hands at $0.52 at the time of writing.
[ad_2]
Source link