In a recent turn of events, Wise Lending, a Web3 lending app and yield aggregator, found itself at the center of an exploit on January 12, resulting in the loss of 170 Ether. This amounted to $440,000 at current market prices that Wise Lending lost, shedding light on the persistent vulnerabilities within decentralized finance (DeFi) protocols.
Wise Lending reports flash loan attack
The Wise Lending attack unfolded at 7:29 pm UTC, orchestrated by an unidentified party that employed an unverified contract with an address ending in d82c. The modus operandi involved transferring a variety of tokens into this contract, including $9,000 worth of USD Coin, $2,000 worth of Tether, $5,000 worth of Dai, 18.51 Wrapped Ether (WETH) valued at $47.694, and several tokens associated with Pendle Finance. The exploit took a significant turn as the attacker borrowed 1,110 Lido Staked Ether (stETH) tokens, totaling $2.9 million, from the Aave lending protocol.
Flash loans, a common tool for exploiters, facilitated the manipulation of oracle prices, a technique that exploits vulnerabilities in pricing mechanisms. Pseudonymous blockchain security researcher Spreek was quick to raise the alarm on social media, disclosing that Wise Lending had fallen victim to an exploit resulting in the loss of approximately 170 ETH. Speculation emerged within the crypto community, with Spreek suggesting a potential association between the vulnerability and a new Pendle Finance derivative token.
Defi protocols and their rocky start to 2024
Another security researcher, Officer’s Notes, echoed the sentiment, emphasizing the recurring nature of such exploits, stating, “Another day, another exploit.” Officer’s Notes delved into the technicalities, proposing that the vulnerability might be linked to a 7% price swing between stETH and ETH within a specific pool. This swing, according to the Officer’s Notes, was influenced by an AAVE v2 stETH flashloan. The unfolding of events in the early days of 2024 has set a concerning tone for the DeFi landscape. Losses exceeding $5 million have been recorded through exploits on various protocols.
Radiant Capital experienced a significant blow on January 3, losing over $4.5 million, while Gamma Protocol, a liquidity manager, succumbed to an exploit, losing over $400,000 the following day. The vulnerability of DeFi protocols to exploits has been a persistent concern, with 2023 witnessing cumulative losses of over $1.8 billion due to crypto hacks, scams, and exploits, according to blockchain security platform Certik. These incidents highlight the urgency for heightened security measures, regular audits, and swift responses to vulnerabilities within the rapidly evolving DeFi space.
As the crypto ecosystem advances, the need for protocols to adapt and reinforce their defenses becomes increasingly apparent. Comprehensive security practices are vital to protect user funds and preserve the credibility of decentralized financial platforms. The frequency and sophistication of these exploits underscore the challenges faced by the DeFi community, emphasizing the continuous efforts required to ensure the integrity and security of decentralized finance in an ever-changing landscape.
Source: https://www.cryptopolitan.com/wise-lending-loses-400000-flash-loan-attack/