DFX Finance is a decentralized exchange based on Polychain. The platform is dedicated to a specific category of cryptos: fiat-backed stablecoins. She managed to raise $5 million in funds last year. This was an early round of funding led by Polychain Capital and True Ventures. Everything seemed to be going well for the DFX Finance protocol before its team announced some sad news this morning.
The stablecoin exchange got hacked
This November 11, the stablecoin exchange DFX Finance announced bad news to the crypto community on Twitter. Indeed, he said: We have been informed today of suspicious activity on DFX contracts. The attack started on November 10, 2022 at 07:21:59 PM +UTC from wallet 0x14c19962e4a899f29b3dd9ff52ebfb5e4cb9a067“.
It appears that DFX Finance was notified of the suspicious activity within 30 minutes of the first transaction. The exchange quickly reacted by putting paused all operations related to DFX contracts. His reaction came minutes after he received confirmation that it was indeed an attack.
DFX Finance explained that the hacker stole $7.5 million in assets. But, the latter only managed to transfer $4.3 million to his wallet. The remaining $3.2 million is on the wallet of an MEV bot operator who is asked to return it to the exchange.
How was the crypto hack carried out?
The stablecoin exchange explained that the hacker used an unsecured flash loan system to perform the exploit. It appears that this functionality had been implemented by DFX Finance on the Ethereum network. It turns out that the mechanism makes it possible to borrow cryptos (in large quantities) without collateral. However, the function is subject to one condition: the funds must be returned during the same transaction.
In fact, the hacker used the system to borrow stablecoins which he redeposited into the exchange’s liquidity pools. He then used an insecure callback function to bypass the flash loan monitoring system. Then he sold the liquidity pool tokens that were in his possession.
DFX Finance has reassured users by saying that “Polygon pools were not affected”. Indeed, the exchange managed to“pause contracts before hacker goes to Polygon’s side”. Separately, he urged Polygon LP holders to “withdraw funds from their DFX poolsas soon as it becomes possible.
Receive a digest of news in the world of cryptocurrencies by subscribing to our new service of daily and weekly so you don’t miss any of the essential Tremplin.io!
