DeFi Protocol Akropolis Lost $2 Million to Hackers

Akropolis, a decentralized finance (DeFi) protocol, has become the latest in the Blockchain Blockchain Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tampe Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned.) In this sense, blockchain is immune to the manipulation of data making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tampe Read this Term industry to become the target of hackers, resulting in the theft of over $2 million in DAI Stablecoin Stablecoin Unlike other cryptocurrencies like Bitcoin and Ethereum, stablecoins are cryptocurrencies that have been designed to keep a stable value. Placing a greater emphasis on stability over volatility can be a huge draw for some investors. Many individuals can be turned off from large swings and uncertainty presented by cryptos relative to other traditional assets.Stablecoins control for this volatility by being pegged to another cryptocurrency, fiat money, or to exchange-traded commodities, including Unlike other cryptocurrencies like Bitcoin and Ethereum, stablecoins are cryptocurrencies that have been designed to keep a stable value. Placing a greater emphasis on stability over volatility can be a huge draw for some investors. Many individuals can be turned off from large swings and uncertainty presented by cryptos relative to other traditional assets.Stablecoins control for this volatility by being pegged to another cryptocurrency, fiat money, or to exchange-traded commodities, including Read this Term.

The platform officially notified about the attack on late Thursday, providing some initial updates on the tactics used by the attacker. It is now reviewing the code and security procedure and will publish a post-mortem report.

The Rise of DeFi Is Luring Hackers

Akropolis offers DeFi lending services along with savings services that allow users to take out loans in digital currencies and generate interest on their collateral deposits. This type of platform became very popular with the recent hype of the DeFi ecosystem as users were flocking towards them for the so-called yield farming.

The attacker exploited the savings side of the protocol that utilizes another DeFi protocol, Curve.

“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools,” Akropolis stated in the announcement.

The Akropolis attacker used a combination of re-entrancy attacks and dYdX flash loan origination to exploit the protocol’s savings pool.

Though many unaudited DeFi projects have recently become the target of hackers, Akropolis pointed out that its protocol was audited by two independent firms, CertiK, and SmartDec and Pessimistic. However, both companies missed two “attack vectors” in their audit, Akropolis founder and CEO, Ana Andrianova tweeted.

Not quite, we will publish a detailed retro shortly. Two attack vectors have unfortunately been missed despite two audits. I will link a post-mortem and next steps here.

— Ana A. (@ana_andrianova) November 12, 2020

Apart from DAI, the protocol also holds Compound DAI, Compound USDC, AAVE sUSD, AAVE bUSD, Curve bUSD, Curve sBTC, and has two native pools of AKRO and ADEL. All of them are unaffected by the attack.

“We are exploring ways to reimburse users for the loss in a way that is sustainable for the project, and will make a proposal to the community prior to any final decision being made,” the announcement added.