Flash loan attacks steal crypto millions in seconds

187
SHARE

Saddle Finance lost over $11 million to hackers on Saturday, April 30th. April was a record-setting month for hacks on DeFi protocols. And many were flash loan attacks. 

In a flash loan attack, 3,933 ETH ($11 million) was pulled from the “decentralized automated market maker” Saddle Finance in less than a minute. 

Saddle is an open-source platform. It is a DeFi automated market maker (AMM) on the Ethereum blockchain which trades pegged value crypto assets.

Signup for the USA Herald exclusive Newsletter

The hacker was laundering the stolen funds through the Tornado Cash tumbler shortly after the attack.

Saddle Finance launched in January 2021. And had a loss of $275,000 last year. In the first hack, an attacker was able to arbitrage Saddle Finance pools to steal funds.

 

 

Saddle Finance launched in January 2021. And had a loss of $275,000 last year. In the first hack, an attacker was able to arbitrage Saddle Finance pools to steal funds.

Flash loan attacks getting more common

Deus Finance was also hit by a flash loan attack. And it netted $13.4 million for the hackers. 

Deus Finance is a multi-token decentralized finance (DeFi) marketplace.

The hacker behind the attack then funneled the stolen funds using the coin mixer tool Tornado cash with the Multichain Protocol (previously known as AnySwap).

The loss to the protocol was likely larger than what the hacker was able to withdraw from the platform. And Deus announced that no users had been liquidated and that “the loss is on the protocol”.

They suffered a similar hack attack last month in which over 3 million were stolen. The first exploit resulted in over $3.1 million in losses in the Dai (DAI) and Ether (ETH).

Deus implemented an immediate reimbursement plan for users who were liquidated in the incident.

According to Lafayette Tabor, the CEO of Deus Protocol, the exploit in this incident was not the same one used in the previous attack.

He wrote on Twitter that the exploit was “the first of its kind, a zero-day exploit on Solidly (decentralized crypto exchange) swaps”.

Beanstock Farms also lost $182 million in a cryptocurrency hack attack in mid-April. Using the flash loan method, it only took 13 seconds for the theft.

Blockchain analytics company PeckShield reported the attack that hit Beanstock for $182 million. And likely made the attacker around $80 million in profit, after expenses.