Earning.Farm Experiencing Flashloan Attack, 748 ETH Stolen
Earning.Farm’s EFLeverVault contract was hit by two flashloans. The first attack was blocked by the MEV bot, with a loss of 480 ETH, and the second hacker completed the attack with a profit of 268 ETH.
On October 15, blockchain security team Supremacy posted on social media that Earning.Farm’s EFLeverVault contract was hacked by two flashloans attacks.
The first attack was blocked by the MEV bot, with a loss of 480 ETH, and the second hacker completed the attack with a profit of 268 ETH.
After analysis, the vulnerability was caused by the contract’s quick loan callback function not verifying the express loan originator. An attacker could trigger the contract’s fast loan callback logic: pay the Aave stETH debt in the contract and withdraw, then exchange stETH for ETH. The attacker can then call the withdrawal function to withdraw the ETH balance in all contracts.
Earning.Farm is a Dapp that provides user-friendly investment tools in DEFI. The platform has not yet commented on the problem.
Although flashloan is a very convenient form of loan without collateral, it also comes with a lot of risks.
In fact, it is very easy to perform a Flash Loan attack. The majority of Flash Loan-related protocols are not yet resistant to these attacks. Besides, hackers can take advantage of the instant transaction advantage of fast loans to attack multiple markets at the same time.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu