Cross-chain decentralized exchange WOOFi has become the latest victim to bad actors following a flash loan exploit of over $8 million. The project’s team has halted activities in the affected pools as investigations are ongoing.
WOOFi is a DeFi protocol that allows users to conduct cross-chain swaps, stake tokens and earn yield across 11 blockchains. These blockchain networks include Ethereum, Arbitrum, Optimism, Polygon, Avalanche, BNB Chain, Fantom, and others. The project utilizes the Woo Network, a liquidity system that connects traders, exchanges, institutions, and DeFi protocols. WOO token powers the project.
WOOFi Suffers $8M Attack
According to the ongoing investigation by WOOFi, the hacker exploited one of the oracles on Arbitrum, affecting the WooPPV2 contract. A “contained” flash loan attack was used to manipulate WOO’s price. The flash loan was repaid when the underlying asset saw a price dip.
After initial notice from Twitter handles, Spreek and PeckShield, the Woo project team paused its pools, before commencing investigation. At the time of writing, approximately 2,000 ETH worth of funds have been siphoned by the attacker.
Although the DEX project has yet to finalize the investigation at press time, it assured users that “there is no risk to the current user assets in Earn vaults, WOOFi stake, or other WOO contracts.”
WOOFi, working with several close partners, paused the respective contracts at 16:02 UTC while an investigation began. The impact is currently limited, there is no risk to the current user assets in Earn vaults, WOOFi stake, or other WOO contracts.
More updates to come. (2/2)
— WOOFi (@_WOOFi) March 5, 2024
WOO’s price has taken the hit from the attack. The cryptocurrency currently trades at $0.518, representing a 9.6% price drop over the past 24 hours.
Source: CoinStats
On the other hand, WOOFi’s total value locked (TVL) decreased from $53.36 million to $44.3 million over the past 24 hours alone.
Impersonators to Scoop Funds from WOO Users
Despite its losses, more bad players are seeking ways to milk funds from unsuspecting WOO users on X. Two hours after the attack, the WOOFi team urged users to beware of an impersonator X account posing to be the project’s official X handle.
According to a screenshot, the impostor account invited users to supposedly “revoke all approvals to prevent loss of funds.” In the actual sense, these users were redirected to a phishing link.
WOOFi’s $8M attack puts it among other infamous hacks that have occurred within the crypto industry since the start of the year.
