Hackers exploited the Uniswap trading loophole and got away with more than $370K.
One of the first members of Crypto Twitter to report the theft, DegenSpartan, stated on August 4 that traders were using flash loans to buy Ethereum Put oTokens (oETH) from Uniswap. They then reportedly chose the ERC20 token – in this case, the USD Coin (USDC) – as collateral and exercised options trading.
The result is reportedly a double transfer that effectively “steals” the collateral. According to blockchain records, hackers accept Ethereum (ETH) deposits and USDC options.
In an August 4 blog from Opyn, the platform estimated losses from the exploit at 371,260 USDC but said this number is subject to change.
“This exploit allows attackers to ‘duplicating’ oTokens and stealing collateral placed by certain sellers of these items.”
Withdraw Liquidity Quickly
Opyn realized something had happened that day and issued a statement on Twitter, saying that it had removed liquidity from Uniswap during the investigation.
Trying to prevent further abuse of this loophole, Opyn got a bail back of 439,170 USDC from the vault, effectively returning it to Put Sellers. However, some users still feel sad about the loss and the delayed response:
According to Opyn co-founder Alexis Gauba in a Discord chat session, the platform has offered to buy ETH Put oTokens “at above market price,” which is said to be 20% above the best ask price on Deribit.
“This only applies to oTokens purchased before today,”
The last update he posted stated Opyn was working on a plan “to reduce the impact of ETH on put sellers.”