An unknown attacker devastated the YCURVE and sUSD liquidity pools of the Akropolis project in DAI stablecoins worth $ 2 million. He hacked smart contracts that were audited twice.
We recently identified a hack executed across a body of smart contracts in the "savings pools" that have been audited twice. We are working with security specialists and on-chain analytics providers and aim to make a more detailed statement shortly. Thank you for your patience.
— Akropolis (@akropolisio) November 12, 2020
According to analyst Stephen Zheng, the hacker withdrew assets in tranches of 50,000 DAI for seven hours until the liquidity in the pools was completely depleted.
Seems like Akropolis got hacked.
— Steven (@Dogetoshi) November 12, 2020
Hacker took $2M in DAI. Exploit involved its Curve savings pools. pic.twitter.com/dmd0xNhKwX
Subsequently, the attacker transferred funds to a new address.
Trending: Smart Contracts Audits Startup Hexens Closed $4.2 M Seed Funding
DeFi project Akropolis allows you to take loans and generate profitability on cryptocurrency deposits.
According to the project's statement, the pools have been audited by two independent audit firms. They found no vulnerability in the savings portion of the service using the Curve protocol. The hacker carried out a series of attacks to obtain instant loans (flash loans). Such loans are repaid within one block of transactions, allowing you to not use collateral.
The project team started to perform several security procedures. All stablecoin pools have been suspended, and exchanges have received notifications. Third-party security experts work with developers to investigate the issue.
Funds in Compound DAI, Compound USDC, AAVE sUSD, AAVE bUSD, Curve bUSD, and Curve sBTC, as well as native AKRO and ADEL tokens, have not been damaged and are safe.
Trending: Finder: Bitcoin could hit $80,000 by 2025
The project is studying ways to reimburse users for losses and will present its proposal shortly.
Against the background of reports of hacking, the Akropolis (AKRO) rate fell at the moment by 23%. The decrease in prices over the last day was 18.9%.
The incident did not generally affect the decentralized finance sector. According to DeFi Pulse, the number of blocked funds in the protocols set a new record of $ 13.74 billion.