Ola Finance Got Hacked $4.7M in Re-Entrancy Exploit

According to a post-mortem report released by developers, the decentralized lending protocol Ola Finance was hacked for around $4.67 million in a re-entry attack on Thursday. Ola runs a decentralized finance (DeFi) protocol across multiple blockchains, and the hack on Thursday targeted its deployment on the Fuse network. DeFi refers to the use of smart contracts for financial services such as lending and borrowing rather than third parties.

At around 5 a.m. (UTC +3) on March 31st, the Ola lending network on the Fuse blockchain was hacked for 216,964.18 USDC, 507,216.68 BUSD, 200,000.00 fUSD, 550.45 WETH, 26.25 WBTC, and 1,240,000.00 FUSE. In today’s ETH, BTC, and FUSE prices, the total value taken is $4.67 million.

The attack occurred via a re-entrancy vulnerability in the ERC677 token standard. Reentrancy is a common bug that allows attackers to trick a smart contract by making repeated calls to a protocol in order to steal assets. A call is an authorization for the smart contract address to interact with a user’s wallet address.

Attackers were able to trick Voltage’s smart contracts by transferring wrapped assets, creating flash loans, a type of uncollateralized lending, and instructing the smart contract to move payments from Voltage to the hackers’ addresses. Ola Finance said the attack could not be replicated on other lending networks that it supports. “We will investigate each token’s “transfer” logic to make sure no problematic token standards are in use,” the developers said.

Meanwhile, Voltage said it was speaking with external parties to trace the attacker and create a plan to compensate affected users.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

KAZ

CoinCu News