Decentralized finance protocol Ola Finance has suffered a re-entrancy attack which saw some $3.6 million worth of crypto drained from its protocol.
Blockchain security firm PeckShield issued a disclosure analyzing and diagnosing the exploit. According to the firm, the exploit was carried out using a re-entrancy attack in which a threat actor used bugs in Ola Finance’s smart contracts, causing the protocol’s decentralized lending platform to unknowingly provide the attacker with a loan based on fake collateral. The threat actor withdrew funds using Tornado Cash, an anonymity protocol that allows users to execute transfers without a trace.
Once the funds from Tornado Cash were transferred to the Fuse network, on which Ola Finance operates, fake collateral was put in place and loans were taken out from Ola’s decentralized lending platform. Using the re-entrancy bug in Ola Finance’s smart contract, the attacker promptly removed the collateral without repaying the loan.
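The pattern described above, as a simplified Python model added here for illustration (it is not Ola Finance's contract code or PeckShield's analysis): a pool that hands over borrowed tokens before recording the debt lets the recipient's callback withdraw the collateral, while the hardened mode records the debt first and rejects nested calls. The callback-on-receipt token, the 1:1 collateral factor and every name in the block are assumptions.

```python
from collections import defaultdict
from contextlib import contextmanager

class LendingPool:  # constructed model: 1:1 collateral factor, callback token
    def __init__(self, hardened):
        self.hardened, self._locked = hardened, False
        self.collateral = defaultdict(int)   # account name -> collateral
        self.debt = defaultdict(int)         # account name -> outstanding loan

    @contextmanager
    def _guard(self):                        # re-entrancy lock (hardened only)
        if self.hardened and self._locked:
            raise RuntimeError("re-entrant call rejected")
        self._locked = True
        try:
            yield
        finally:
            self._locked = False

    def withdraw(self, acct, amount):
        with self._guard():
            if amount > self.collateral[acct.name] - self.debt[acct.name]:
                raise ValueError("collateral still backs a loan")
            self.collateral[acct.name] -= amount

    def borrow(self, acct, amount):
        with self._guard():
            if amount > self.collateral[acct.name] - self.debt[acct.name]:
                raise ValueError("insufficient collateral")
            if self.hardened:                # effect first: record the debt
                self.debt[acct.name] += amount
            acct.on_tokens_received(self, amount)   # interaction: external call
            if not self.hardened:            # flawed order: debt recorded too late
                self.debt[acct.name] += amount

class ReentrantAccount:                      # hypothetical token recipient
    def __init__(self, name):
        self.name, self.blocked = name, None
    def on_tokens_received(self, pool, amount):
        try:                                 # re-enters the pool mid-loan
            pool.withdraw(self, pool.collateral[self.name])
        except (RuntimeError, ValueError) as exc:
            self.blocked = str(exc)

def shortfall(hardened):
    pool, acct = LendingPool(hardened), ReentrantAccount("acct")
    pool.collateral["acct"] = 100            # constructed deposit
    pool.borrow(acct, 100)
    return pool.debt["acct"] - pool.collateral["acct"], acct.blocked
```

A positive first value from `shortfall` means the pool is left holding debt with no collateral behind it, which is the invariant an audit or a test suite should assert after every state-changing call.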
This latest in a series of attacks targeting decentralized finance (DeFi) platforms comes on the heels of another attack in which Axie Infinity’s Ronin sidechain was exploited for roughly $625 million. The spate of attacks on DeFi platforms has led to a renewed focus on security, with some experts calling for increased scrutiny of smart contract code.
1/2 Standing together, @ola_finance and @voltfinance remain united in our efforts to compensate users suffering from the latest exploit.
All projects accept responsibility and ask our communities to focus on the next steps of growth, rather than assigning blame.
— Ola.finance (@ola_finance) March 31, 2022
After the attack, the threat actor repeated the same procedure against several other Ola Finance liquidity pools, promptly transferring stolen funds on Ethereum and Binance’s BNB Chain.
In response, Ola Finance has paused its lending protocol on the Fuse network and said that it will provide an official report explaining the exploit’s circumstances in detail.
The re-entrancy exploit against Ola Finance underscores the importance of security in DeFi protocols and the need for greater due diligence when it comes to contract code. As the popularity of decentralized finance continues to grow, it is likely that we will see more exploits and hacks in the coming months and years. PeckShield urges all DeFi developers to take a closer look at their code and to ensure that proper security measures are in place to protect their users.
Source: https://cryptodaily.co.uk/2022/04/ola-finance-suffers-re-entrancy-hack-3-6m-exploited-from-defi-protocol