DeFi lending protocol Warp Finance reportedly suffered a flash lending attack that resulted in the loss of as much as $8 million in digital assets.
Reports are coming that an attacker has made between $1 million, up to $8 million according to DeFi Prime. The loss followed a series of flash loans that exploited a vulnerability in the Warp Finance protocol.
Warp Finance is a new DeFi platform announced in early November that allows users to store liquidity provider (LP) tokens from other protocols and receive stablecoin loans in exchange.
Warp Finance’s Twitter feed doesn’t provide any details at the time of writing other than this:
“We are investigating irregular stablecoin loans taken in the last hour, we advise you not to deposit any more stablecoins until we have clarity on the irregularities,”
White hat hackers is investigating the fraudulent transactions that led to the attack. Marqet Exchange co-founder, Emiliano Bonassi, has investigated what happened by stating;
“This is the second attack that uses some flash liquidity, flash swap via Uniswap and flash lending via dYdX,”
He added that the attacker requested three Ether loans wrapped up via flash swap to three different pools on Uniswap and two more on the dYdX trading platform. The funds are then used to mint WETH/DAI liquidity pool tokens (LP) which are used as collateral on Warp Finance to clear its USDC and DAI vaults.
Flash Loan is when crypto collateral is borrowed and repaid in the same transaction. Smart contract audits, like the one done for Warp by Hacken, don’t necessarily protect them because they exploit the system design.
Attack vectors have become the weapon of choice for crypto thieves from the DeFi protocol this year with several protocols including bZX, Balancer, Origin Protocol, Akropolis, and Harvest Finance all falling victim to it. Warp Finance appears to be the latest victim.