Another day, another DeFi hack. This time, the decentralized finance (DeFi) protocol New Free DAO is the victim of a flash loan attack, losing more than a million dollars worth of assets to the hacker. Shortly after the exploit, NFD, the native token of the protocol, crashed by 99%.
New Free DAO Losses $1.25M to Hacker
The exploit was identified by blockchain security firm CertiK, in the early hours of Thursday. According to the firm, the attacker deployed an unverified contract and called the function “addMember()” to add itself as a member before carrying out three flash loan attacks with the assistance of the unverified contract.
CertiK stated that the hacker used the new attack contract to borrow WBNB via flash loan and swapped it for NFD and got rewarded by interacting with the unverified contract. The attacker then repeated the process with the newly-made contract.
At the end of the attack, the hacker generated 4,481 WBNB ($1.25 million) in profits after repaying the flash loan. At the time of writing, 400 BNB (Worth $111K) have already been transferred into the recently-sanctioned crypto mixer Tornado Cash.
CertiK further noted that the attacker was connected to Neorder attack four months ago that resulted in the loss of over 930 BNB.
New Free DAO Still Vulnerable
Another security firm Beosin said it identified another vulnerability with the New Free DAO protocol that could lead to another flash loan exploit.
Explaining how it could happen, the firm noted that the price of NFD could be manipulated since they are determined by “using the balance of USDT in the pair,” which might lead to a flash lohan attack if exploited.
DeFi Hacks on the Rise
Meanwhile, as DeFi continues to grow significantly and gain traction, hackers have turned the sector into a playing ground, siphoning huge amounts of funds from vulnerable protocols.
In June, decentralized lending platform Inverse Finance suffered its second attack of the year, losing about $1.26 million to hackers. The following month, Solana-based DeFi protocol Crema Finance lost $8.7 million loss in a flash loan attack.
Your crypto deserves the best security. Get a Ledger hardware wallet for just $79!
Source: https://coinfomania.com/defi-protocol-new-free-dao-losses-1-2m-in-flash-loan-hack/