Blockchain protocol Avalanche saw a flash loan attack of $371,000 worth of USDC stablecoins.
According to blockchain security company Certik, the hack possibly impacted lending protocol Nereus, decentralized trading Trader Joe, and automated market maker Curve Finance.
Later, Nereus Finance published a detailed blog post describing how the hack happened. Analysis revealed that hackers managed to deploy a custom smart contract that used a $500,000 flash loan from Aave to manipulate the AVAX/USDC pair on Trader Joe pool price for a single block, which later was reported as a broad flash-loan exploit.
Nereus said that in hours after the incident, the team's security experts built a mitigation plan, and informed law enforcement to support efforts. Due to this, Nereus mitigated the exploit and paused it.
In addition, the team paid off the bad debt using NXUSD from the Team’s treasury. Nereus reports that user funds aren't at risk, adding that no part of the lending and borrowing was ever at risk.