Lending protocol, Warp was exploited with a complex flash loan attack for $7.7 million worth of stablecoins. Hacken Club audited the project.
The attack on Thursday allowed the hacker to borrow more than their collateral value resulting in a loss of stablecoin lender funds. Later on Thursday or earlier on Friday, the team took to Twitter to share with the community,
“We are investigating irregular stablecoin loans taken out in the last hour, we recommend that you do not deposit anymore stablecoins until we have clarity on the irregularities.”
Out of the lost $7.7 million, the team plans to recover about $5.5 million that is still “secured in the collateral vault.”
“Upon successful recovery, these will be distributed to users who experienced a loss,” announced the team. Additional plans are also in place to compensate for users’ loss over time, they added.
The decentralized finance project team said they would share a detailed analysis of the attack in the coming days once they have more understanding of the exploit.
Taking a look…https://t.co/UzyDETcmur
This is the second attack whish uses multiple flash liquidity,
flash swaps via Uniswap and flash loans via dYdX
— Emiliano Bonassi | emiliano.eth (@emilianobonassi) December 17, 2020
Just a day before the attack, the lending protocol that powers a liquidity engine migrated to Warp Finance v2 with a 24 hours grace period. The latest version enabled borrowing for protocol users against LP tokens and be rewarded with the to-be-released governance token WARP.
The TVL of the project has more than halved after the attack. Only $6 million funds are currently locked in the project, down from $17 million, as per DeBank.