DeFi Protocol Akropolis Lost $2 Million to Hackers

Friday, 13/11/2020 | 07:11 GMT by Arnab Shome
  • Two independent firms audited the protocol's codes.
DeFi Protocol Akropolis Lost $2 Million to Hackers
Pixabay

Akropolis, a decentralized finance (DeFi) protocol, has become the latest in the Blockchain industry to become the target of hackers, resulting in the theft of over $2 million in DAI Stablecoin .

The platform officially notified about the attack on late Thursday, providing some initial updates on the tactics used by the attacker. It is now reviewing the code and security procedure and will publish a post-mortem report.

The Rise of DeFi Is Luring Hackers

Akropolis offers DeFi lending services along with savings services that allow users to take out loans in digital currencies and generate interest on their collateral deposits. This type of platform became very popular with the recent hype of the DeFi ecosystem as users were flocking towards them for the so-called yield farming.

The attacker exploited the savings side of the protocol that utilizes another DeFi protocol, Curve.

“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools,” Akropolis stated in the announcement.

The Akropolis attacker used a combination of re-entrancy attacks and dYdX flash loan origination to exploit the protocol’s savings pool.

Though many unaudited DeFi projects have recently become the target of hackers, Akropolis pointed out that its protocol was audited by two independent firms, CertiK, and SmartDec and Pessimistic. However, both companies missed two “attack vectors” in their audit, Akropolis founder and CEO, Ana Andrianova tweeted.

Apart from DAI, the protocol also holds Compound DAI, Compound USDC, AAVE sUSD, AAVE bUSD, Curve bUSD, Curve sBTC, and has two native pools of AKRO and ADEL. All of them are unaffected by the attack.

“We are exploring ways to reimburse users for the loss in a way that is sustainable for the project, and will make a proposal to the community prior to any final decision being made,” the announcement added.

Akropolis, a decentralized finance (DeFi) protocol, has become the latest in the Blockchain industry to become the target of hackers, resulting in the theft of over $2 million in DAI Stablecoin .

The platform officially notified about the attack on late Thursday, providing some initial updates on the tactics used by the attacker. It is now reviewing the code and security procedure and will publish a post-mortem report.

The Rise of DeFi Is Luring Hackers

Akropolis offers DeFi lending services along with savings services that allow users to take out loans in digital currencies and generate interest on their collateral deposits. This type of platform became very popular with the recent hype of the DeFi ecosystem as users were flocking towards them for the so-called yield farming.

The attacker exploited the savings side of the protocol that utilizes another DeFi protocol, Curve.

“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools,” Akropolis stated in the announcement.

The Akropolis attacker used a combination of re-entrancy attacks and dYdX flash loan origination to exploit the protocol’s savings pool.

Though many unaudited DeFi projects have recently become the target of hackers, Akropolis pointed out that its protocol was audited by two independent firms, CertiK, and SmartDec and Pessimistic. However, both companies missed two “attack vectors” in their audit, Akropolis founder and CEO, Ana Andrianova tweeted.

Apart from DAI, the protocol also holds Compound DAI, Compound USDC, AAVE sUSD, AAVE bUSD, Curve bUSD, Curve sBTC, and has two native pools of AKRO and ADEL. All of them are unaffected by the attack.

“We are exploring ways to reimburse users for the loss in a way that is sustainable for the project, and will make a proposal to the community prior to any final decision being made,” the announcement added.

About the Author: Arnab Shome
Arnab Shome
  • 6528 Articles
  • 87 Followers
About the Author: Arnab Shome
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.
  • 6528 Articles
  • 87 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}