Defrost Finance, a decentralized finance (DeFi) protocol built on the Avalanche blockchain, has just been hacked for $173,000 worth of funds. Following the exploit, the native token for the project saw a sharp decrease in its value.
Defrost Hacked for $173k
Peckshield, a blockchain security firm, revealed details of the attack via a Friday tweet. The company noted that the hacker capitalized on “the lack of a reentrancy lock” for the flashloan/deposit function on the DeFi protocol.
What is a reentrancy attack?
A reentrancy attack occurs when a vulnerable smart contract is exploited by bad actors. The exploited smart contract transfers funds through a malicious smart contract into a wallet address designated by the actor behind the unauthorized smart contract.
Upon receiving the funds, the malicious contract executes a recursive callback function to the exploited contract. This makes the vulnerable contract transfer funds to the bad actor’s wallet address until funds are drained from the primary wallet.
Several notable reentrancy exploits have occurred on DeFi platforms in the past. One of them was Cream Finance’s $25 million attack that occurred in August 2021. Another example is the DAO hack, which took place in 2016.
In the case of the latest exploit, the hacker used the reentrancy attack to mint a large number of tokens without any payment.
According to SnowTrace, a blockchain explorer for Avalanche, the bad actors swapped a majority of the stolen funds for wrapped ETH (WETH), Circle USD (USDC), and wrapped AVAX (WAVAX).
Shortly after the commencement of the exploit, the price of MELT, the native token for DeFrost, saw a sharp decline of about 10%. Currently, 1 MELT trades at $0.0064.
Meanwhile, no official comment has been made by Defrost since the time of the exploit up until press time.
DeFi Exploits on the Rise
Several DeFi projects have continued to fall victim to attacks by bad actors. Last week, the Solana-based liquidity provider Raydium was hacked for around $2 million. The hacker attacked by overtaking the “owner authority” of the project.
Earlier this month, two DeFi platforms, Ankr and Helio, lost a total amount of $20 million. However, $3 million belonging to Ankr was retrieved.
Your crypto deserves the best security. Get a Ledger hardware wallet for just $79!