In the latest major hacking attempt against Avalanche (AVAX), a flash loan attack that targeted the blockchain enabled its unknown perpetrator to steal as much as USD 370,000 worth of USD Coin (USDC), per a recent announcement by CertiK Alert.
“Possible impacted protocols include: @nereusfinance, @traderjoe_xyz, @CurveFinance,” according to the tweet.
A flash loan allows to borrow any available amount of assets from a designated smart contract pool without placing collateral. Flash loans are useful features for building blocks in decentralized finance (DeFi), and they can be used for a number of activities such as arbitrage, swapping collateral, as well as self-liquidation.
Replying to the original thread, user Eduardo, who says he is affiliated with DeFi platform Abracadabra.money, tweeted that, in his opinion, the latest development “appears to be an unauthorized fork of Abracadabra’s code run by @nereusfinance”.
Avalanche attack is latest DeFi exploit in a continuing trend
A recently released report by blockchain analysis company chain analysis indicates that the astonishing rise in funds stolen from decentralized finance (DeFi) protocols, a trend that began in 2021, is continuing this year.
“DeFi protocols are uniquely vulnerable to hacking, as their open source code can be studied ad nauseum by cybercriminals looking for exploits (although this can also be helpful for security as it allows for auditing of the code), and it’s possible that protocols’ incentives to reach the market and grow quickly lead to lapses in security best practices,” according to the report.
“Furthermore, much of the value stolen from DeFi protocols can be attributed to bad actors affiliated with North Korea, especially elite hacking units like Lazarus Group.
We estimate that so far in 2022, North Korea-affiliated groups have stolen approximately $1 billion of cryptocurrency from DeFi protocols,” Chainalysis said.