DeFi Lending Platform Built on Polygon (MATIC) Hacked for $220,000 in Flash Loan Attack

Decentralized exchange (DEX) QuickSwap is ending its lending pool after sustaining losses in a flash loan attack.

The Polygon (MATIC) based DEX says $220,000 worth of tokens were stolen following an exploit of DeFi platform Market XYZ.

The platform says the incident stems from a flaw in automated market maker (AMM) Curve Oracle, which Market XYZ was using.

“QuickSwap Lend is closing. $220,000 was exploited in a flash loans attack due to a vulnerability with the Curve Oracle, which Market XYZ was using.”

QuickSwap says the hack did not affect any user funds and clarifies that the DEX’s contracts haven’t been compromised.

However, the platform is terminating support for Market XYZ, and urges the platform to compensate for the losses of stablecoin creator Qi Dao, which provided the pool’s seed funds.

“We are encouraging users with funds deposited in Market xyz’s open markets on QuickSwap to withdraw them now, as we are in the process of closing them down.

Blockchain security firm Peckshield says the attack was achieved by compromising Curve Oracle’s price feed, and then borrowing funds based on the new inflated price.

“It is a price manipulation issue. The miMATIC market uses CurvePoolOracle for price feed, which is manipulated to borrow funds from the market.”

Image
Source: PeckShield/Twitter

Peckshield also says blockchain security firm ChainSecurity reported the vulnerability earlier this month.

The DeFi space has already seen several large exploits this month, including Olympus decentralized autonomous organization (DAO) and Mango Markets DAO.

Don’t Miss a Beat – Subscribe to get crypto email alerts delivered directly to your inbox

Check Price Action

Follow us on Twitter, Facebook and Telegram

Surf The Daily Hodl Mix

Check Latest News Headlines

&nbsp

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Vink Fan/Voar CC

 

Source: https://dailyhodl.com/2022/10/25/defi-lending-platform-built-on-polygon-matic-hacked-for-220000-in-flash-loan-attack/