Nereus Finance On Avalanche Process Exploited Flashloan $371,000 Stolen

Avalanche-based lending protocol Nereus Finance was the victim of a flashloan hack that resulted in a user using USD Coin (USDC) having $371,000 stolen using smart contract mining.

Blockchain cybersecurity firm CertiK was one of the first to detect the exploit on September 6, indicating that the attack impacted liquidity pools on Nereus relating to decentralized exchange Trader Joe and automated market maker Curve Finance.

Then blockchain security firm PeckShield Inc. also issued a warning to Nereus Finance.

On September 7, Nereus Finance released a detailed post-mortem of the incident explaining an “exploiter” was able to deploy a custom smart contract that utilized a $51 million flash loan from Aave to artificially manipulate the AVAX/USDC Trader Joe LP (JLP) pool price for a single block.

As a result, the unidentified hacker was able to create NXUSD, the native token of Nereus, for 998,000 versus $508,000 in security. Once the flash loan was repaid, they were able to exchange this money into a variety of assets using a number of liquidity pools and walk away with a net profit of $371,406 in the process.

The incident resulted in the generation of NXUSD “bad debt” in the NXUSD protocol totaling $500,000.

The Nereus Finance team claims that it acted swiftly to address the issue; following consultation with security professionals, the creation of a mitigation strategy, and the notification of law enforcement, they liquidated and suspended the abused JLP market.

According to reports, the team’s treasury was used to pay off the bad debt using NXUSD.

According to Nereus Finance, mining is due to negligence in the price calculation, leading to the opportunity to be mined. However, it stressed that “no users funds are at risk, and NXUSD continues to be over collateralized” and the “Lending and Borrowing protocol was not affected by this exploit”.

Nereus is also confident the same exploit won’t be possible a second time, as the team will be  amending its “audit and security practices in order to ensure these types of events do not occur in the future,” 

The Nereus team is trying to identify the hacker and track the funds and has offered a 20% bonus to the White Hats for the refund. However, so far there has been no response.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Foxy

CoinCu News