Earning.farm Yield Platform Under Attack: Details


article image

Vladislav Sopov

Earning.farm, popular yield farming platform, suffered two consecutive flash loan attacks

Contents

Earning.farm, a user-friendly yield machine for Ethereum (ETH), Wrapped Bitcoin (WBTC) and USD Coin (USDC) holders, is exploited by malefactors.

Earning.farm drained for almost $1 million, here’s how

As per a statement shared by California-based Web3 security vendor Supremacy Inc., earning.farm DeFi suffered two attacks yesterday, Oct. 15, 2022.

EFLeverVault, a key element of earning.farm DeFi’s design, was targeted by flash loan attacks. Due to an architecture flaw of its contract, attackers managed to withdraw all Ethers (ETH) stored in the contract that was designed to act as collateral.

As explained by a seasoned blockchain security researcher Daniel Von Fange, a contract of EFLeverVault filed to verify the initiator of the large withdrawal:

Ads

The 750 ETH hack from EFLeverVault a few hours ago happened because the contract did not verify that flashloan callbacks were actually initiated by the protocol, allowing the attacker to tell the protocol to withdraw large amounts of funds

As a result, a total of 750 Ethers was siphoned from the protocol: 480 Ethers ended up in an MEV bot, while 268 Ethers were withdrawn by hackers.

Hack season instead of “Uptober”

As Ethereum (ETH), the second largest cryptocurrency, was changing hands at $1,300 yesterday on major spot trading platforms, net losses might exceed $950,000.

October 2022 will be remembered as a month of unmatched attacks against the mainstream DeFi infrastructure. On Oct. 7, 2022, a bridge between two elements of BNB Chain was exploited for $566 million.

On Oct. 12, Solana-based liquidity protocol Mango was drained of $100 million as a malefactor managed to manipulate the price oracles.

Later, the Mango community agreed to pay the largest bug bounty to the hacker: they receive $47 million and return the rest of the funds affected.

Source: https://u.today/earningfarm-yield-platform-under-attack-details