August 10, 2023

Aave’s Earning Farm Hacked: $287,000 Stolen in Re-Entrancy Attack

By admin

• Aave’s Earning Farm was the target of a hack and reportedly lost approximately $287,000 in ETH.
• The loss was caused by a re-entrancy attack.
• Regulators are taking action to increase surveillance and implement measures to protect users.

Hack Targeting Aave’s Earning Farm

On Aug. 9, blockchain security firm PeckShield exposed fresh vulnerabilities across multiple decentralized finance (defi) projects. Aave’s Earning Farm, which supports Ethereum (ETH), Wrapped Bitcoin (wBTC), and USDC, was a target and reportedly lost approximately $287,000 in ETH.

Re-Entrancy Attacks

PeckShield is now alerting protocols about the potential danger of falling victim to re-entrancy attacks. This type of attack happens when a contract makes a call to another contract that can’t be trusted, and that contract calls back into the original one to take funds out before the first call has finished. If the contract doesn’t update its internal balances before making the external call, the attacker can keep withdrawing until all funds are drained from the protocol. In October 2022, Aave’s Earning Farm faced two flash loan attacks on its EFLeverVault. Supremacy, a blockchain security agency, stated that 750 ETH was stolen. Flash loan attacks borrow large amounts of cryptocurrency, use the borrowed funds to manipulate an asset’s value, and repay the loan within the same transaction.
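The ordering problem behind re-entrancy, described above, can be shown with a simplified Python model. This is an added example, not Earning Farm's contract code or EVM code; the `Vault`, `HonestUser` and `ReenteringReceiver` classes and all amounts are constructed for illustration. It runs the same withdrawal twice, once with the balance cleared after the external call and once with it cleared before (the checks-effects-interactions pattern).

```python
# Simplified model of a vault; not EVM code and not any real protocol's contract.
class Vault:
    def __init__(self, safe):
        self.safe = safe        # True: update state before the external call
        self.balances = {}      # credited balance per depositor
        self.pool = 0           # total funds the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return                      # check: nothing owed or nothing left
        if self.safe:
            self.balances[who] = 0      # effect first, then interaction
        self.pool -= amount
        who.receive(self, amount)       # external call into untrusted code
        if not self.safe:
            self.balances[who] = 0      # too late: the callee already re-entered


class HonestUser:
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringReceiver:
    """Test double: calls withdraw() again from inside its payment callback."""
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)


def run(safe):
    """Return (amount paid to the re-entering depositor, funds left in the vault)."""
    vault = Vault(safe)
    honest, tester = HonestUser(), ReenteringReceiver()
    vault.deposit(honest, 9)    # constructed sample amounts
    vault.deposit(tester, 1)
    vault.withdraw(tester)
    return tester.received, vault.pool
```

With the late balance update, a depositor credited with 1 unit is paid the whole pool of 10; with the balance cleared first, the nested call finds a zero balance and the payout stays at 1.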

Vulnerability Across Multiple Defi Projects

The recent re-entrancy attack on Aave’s Earning Farm has since raised questions about potential coordinated efforts to exploit vulnerabilities across various defi protocols. Multiple protocols, including those using the Vyper programming language, have been targeted in recent weeks by hackers attempting these re-entrancy attacks.

Increasing Surveillance

Even so, regulators are taking action to increase surveillance and implement measures to protect users from similar hacks or flash loan thefts occurring again on other platforms.

Bounty Offered for Hacker

Hacked protocol Steadefi is offering a $33k bounty to the hacker for identifying attackers responsible for exploiting its platform’s vulnerability, which resulted in a loss of funds worth millions of dollars.