
DeFi Lending Protocol Akropolis Hit by Flash Loan Attack, Loses $2 Million in DAI

2020-11-13 16:14

On Thursday morning, decentralized finance (DeFi) protocol Akropolis lost $2 million in DAI in an exploit.

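According to the latest update from the Akropolis team, a post-mortem analysis is being written, and the team is exploring ways to compensate affected users.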

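Akropolis is a DeFi lending and savings service provider that lets users take out loans and generate yield on cryptocurrency deposits. The savings portion of the service, which uses the Curve protocol, was exploited in the attack earlier in the day.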

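The contract address 0xe2307837524Db8961C4541f943598654240bd62f, which appears to belong to the exploiter, executed a series of dYdX flash loan attacks on Akropolis' YCurve and sUSD savings pools, then sent the resulting $2 million in DAI to a different address: 0x9f26ae5cd245bfeeb5926d61497550f79d9c6c1c. As of the time of writing, the funds appear to still be at that address.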

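Flash loans allow users to borrow funds instantly, provided the funds are returned within one transaction block, meaning users can take advantage of uncollateralized loans. In the Akropolis attack, a combination of a re-entrancy attack and dYdX flash loans exploited the savings pools. According to Akropolis, the pools had been audited by two firms, but the attack vectors used by the hacker were not identified in either audit.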

Akropolis says the majority of the funds on the protocol are safe. Compound DAI, Compound USDC, AAVE sUSD, AAVE bUSD, Curve bUSD and Curve sBTC were unaffected. The native AKRO and ADEL staking pools were also unaffected.

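In the meantime, all stablecoin pools have been paused and exchanges have been informed of the hack. The Akropolis team is in discussions with security specialists to analyze and review its development and security processes.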

Original author: Aislinn Keely. Source: theblockcrypto