Flash loan attack on One Ring protocol nets crypto-thief $1.4 million

Attackers have stolen $1.4 million from the One Ring protocol via a flash loan attack, blockchain platform One Ring Finance has revealed.

Losses from the attack, which unfolded on Monday (March 21), totaled $2 million after swap and flash loan fees, said One Ring, a ‘multi-chain cross-stable yield optimizer platform’.

The hacker borrowed $80 million in USDC with Solidly flash loans to raise the price of the underlying LP tokens in the block span, according to a One Ring post-mortem published on Tuesday (March 22).

“This changed OShare’s price and drove a large amount of OShare tokens out of the protocol.”

The attack did not affect OneRing (RING) tokens, liquidity pools, or “farming opportunities in the Fantom space”, said One Ring.

Track the attack

The so-far unknown hacker, who made off with more than $1.4 million in USDC stablecoin, configured the contract used for the exploit “to self-destruct at a specific block, making it almost impossible to track what specific functions from our contracts were called in order to steal the funds”.

“We are already working with node providers in order to get the information of the block where the contract was deployed,” added One Ring. “We believe we can find the bytecode, decompile it and at least have a brief idea on how this contract was structured.”

The hacker’s Ethereum wallet was funded through Tornado Cash, and the stolen funds were sent back into the same tumbling protocol, which obfuscates transaction history.

This made “it almost impossible to track” the source of the attacker’s funding or warn other platforms of the attacker’s activities.

‘Clean all our code’

One Ring said it was nevertheless working to identify the attacker, as well as restart its vault, redeploy smart contracts, compensate victims, and remedy vulnerabilities exploited by the hacker.

“We have been collaborating with many qualified developers and protocols in order to clean all our code,” it said. “This was completely unexpected, even for some senior developers that reviewed our code before.”

One Ring has also extended a “longshot” offer to the hacker of 15% of the stolen funds and one million RING tokens as a bounty for returning the funds.

Blockchain security company CertiK said on Tuesday it is currently auditing another One Ring contract and has discovered vulnerabilities that may lead to further flash loan attacks.

“This is why CertiK highly recommends and stresses the importance of getting an audit before deployment of a contract,” said CertiK CEO and co-founder Ronghui Gu.

Source: https://portswigger.net/daily-swig/flash-loan-attack-on-one-ring-protocol-nets-crypto-thief-1-4-million

Copyright © 2023 Newsworthy News