Bitcoin
Bitcoin (BTC)
$67,502.00 -2.44268
Bitcoin price
Ethereum
Ethereum (ETH)
$2,422.91 -1.96894
Ethereum price
BNB
BNB (BNB)
$550.76 -1.53823
BNB price
Solana
Solana (SOL)
$157.99 -3.30019
Solana price
XRP
XRP (XRP)
$0.503801 -0.02516
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000169 -0.45533
Shiba Inu price
Pepe
Pepe (PEPE)
$0.000008 -2.85407
Pepe price
Bonk
Bonk (BONK)
$0.0000178 -1.82025
Bonk price
Bitcoin
Bitcoin (BTC)
$67,502.00 -2.44268
Bitcoin price
Ethereum
Ethereum (ETH)
$2,422.91 -1.96894
Ethereum price
BNB
BNB (BNB)
$550.76 -1.53823
BNB price
Solana
Solana (SOL)
$157.99 -3.30019
Solana price
XRP
XRP (XRP)
$0.503801 -0.02516
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000169 -0.45533
Shiba Inu price
Pepe
Pepe (PEPE)
$0.000008 -2.85407
Pepe price
Bonk
Bonk (BONK)
$0.0000178 -1.82025
Bonk price
Bitcoin
Bitcoin (BTC)
$67,502.00 -2.44268
Bitcoin price
Ethereum
Ethereum (ETH)
$2,422.91 -1.96894
Ethereum price
BNB
BNB (BNB)
$550.76 -1.53823
BNB price
Solana
Solana (SOL)
$157.99 -3.30019
Solana price
XRP
XRP (XRP)
$0.503801 -0.02516
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000169 -0.45533
Shiba Inu price
Pepe
Pepe (PEPE)
$0.000008 -2.85407
Pepe price
Bonk
Bonk (BONK)
$0.0000178 -1.82025
Bonk price
Bitcoin
Bitcoin (BTC)
$67,502.00 -2.44268
Bitcoin price
Ethereum
Ethereum (ETH)
$2,422.91 -1.96894
Ethereum price
BNB
BNB (BNB)
$550.76 -1.53823
BNB price
Solana
Solana (SOL)
$157.99 -3.30019
Solana price
XRP
XRP (XRP)
$0.503801 -0.02516
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000169 -0.45533
Shiba Inu price
Pepe
Pepe (PEPE)
$0.000008 -2.85407
Pepe price
Bonk
Bonk (BONK)
$0.0000178 -1.82025
Bonk price

Hackers liquidate Defrost Finance, triggering a $12m loss

hackers-liquidate-defrost-finance-triggering-a-12m-loss
Edited by
News
Hackers liquidate Defrost Finance, triggering a $12m loss

Blockchain security watch firm PeckShield confirmed a flash loan attack in Defrost Finance has led to users losing more than $12 million. 

Defrost V1 and V2 under investigation 

After a few users complained about significant losses in their accounts, Defrost Finance announced an investigation into a possible hack on its Defrost V1 and V2 platforms. Doran, a core team member, informed the users to refrain from using Defrost V2 through Telegram. 

Hackers liquidate Defrost Finance, triggering a $12m loss - 1
Message by Doran, core community member Defrost Finance. Source: Telegram 

At first, the platform thought only Defrost V2 was under attack and decided to shut it down to protect users. The hacker targeted MetaMask Wallets housing users’ staked Defrost Finance (MELT) and Avalanche (AVAX) tokens.

In another announcement, Defrost Finance, through Doran, announced its Defrost V1 was also under attack and advised users to withdraw funds in the protocol to avoid further losses.

An initial analysis by PerkShield showed an exploit through manipulation of the flash loan and deposit functions which was possible due to a lack of a reentrancy lock. The hacker used the option to tamper with LSWUSDC’s share price. At the time, the hacker had gained about $173,000.

Further analysis showed the hacker introduced a face collateral token and used a malicious price oracle to liquidate users in the platform. Losses resulting from the hack are estimated to be more than $12 million.

Defrost Finance is an entirely fair launch trading platform operating in Avalanche blockchain. The company has advised its investors to stop using its platform as the internal team works towards investigating and resolving the issue.

The community did not take Defrost Finance’s announcement literally but viewed it as a tug-of-war situation. The attackers are holding an essential part of the platform, which calls for immediate actions that might save the situation. The management of Defrost Finance is ready to settle with the attackers, thus announcing an offer to hackers in the latest developments. 

Frequency of flash loan attacks

On December 10, attackers infiltrated Arbitrum-based borrowing protocol, Lodestar Finance, through a flash loan attack. According to Lodestar, the attacker overstated the plvGLP token and then used the manipulated token to borrow the entire network’s available supply of liquidity. The attacker took more than $5.8 million, but Lodestar confirmed reverting about $2.8 million that helped repay depositors.