June 8, 2023

Data from blockchain cybersecurity firm CertiK indicates that $370,000 in flash loan attacks exploited the Avalanche blockchain earlier this week. Decentralized finance (DeFi) has been a lucrative target for flash loan attacks for years.

From a series of attacks on Binance Smart Chain dapps in 2021 to the previous loss of $182 million on the Beanstalk platform, the type of exploit was increasingly frequent and serious.

Avalanche Hit By A Flash Loan

A flash loan is a form of making an instant loan, posting any collateral, or even assuming any liability for the loan. The main purpose of this form is to earn profit by the price difference.

A flash loan attack typically takes advantage of that nature and the vulnerabilities to prey on the protocols.

DeFi’s innovation is interesting. Imagine you use the flash loan for arbitrage.

You can make some insane arbitrage trades without needing any capital. In an ideal scenario, someone with zero net worth could make a multi-million dollar trade and immediately pocket hundreds of thousands in one transaction. That explains why it’s one of the most common and favorite practices among hackers.

The Avalance attacker managed to get away with $370,000 in USDC from a smart contract and many liquidity providers using this practice, according to CertiK.

The cybersecurity firm has reported on flash loan attacks that have potentially siphoned off funds from projects like decentralized exchange Trader Joe, staking platform Nereus Finance and automated market maker Curve Finance.

“CertiK Skynet has reported a flash loan attack on AVAX impacting contract 0xe767c… & some LPs. The attacker profited ~$370k USDC,” CertiK’s official Twitter account said.

Not A Lot of Info Yet

Avalanche hasn’t yet revealed any further announcement on the attack. But it’s evident that the attacker allegedly interacted with a smart contract and several liquidity providers to procure AVAX, the native token of the Avalanche network.

The cyber attack normally consists of 3 steps. First, the hacker exploits the vulnerability of a smart contract to borrow digital assets without collateral via a DeFi protocol.

Subsequently, the hacker performs price manipulation. And finally, he resells the crypto assets he borrowed to collect a capital gain. The attack would have taken place Tuesday around noon. Following the incident, AVAX experienced a slight drop in price.

Skynet, an on-chain tracking system built by CertiK that constantly monitors transactions in online smart contracts and flags those that appear suspect, was used to detect this breach. The hacker’s identity is currently unknown, which is a typical nature of this form of attack.

Market Maturity Needs Regulations

While the flash loan attacks do not have much impact on loan protocols, it poses a significant concern for crypto holders in the DeFi space.

Speaking of users’ safety in the era of digital assets, The International Monetary Fund (IMF) recently made a call for the issuance of global cryptocurrency legal frameworks.

Two senior executives at the organization outlined in a publication that regulatory frameworks for cryptocurrency play a vital role in establishing and fostering a safe space for crypto innovation.

To wit,

“A global regulatory framework will bring order to the markets, help instill consumer confidence, lay out the limits of what is permissible, and provide a safe space for useful innovation to continue.”

Earlier this week, the IMF hinted at a possible adoption of crypto technology to create a richer monetary ecosystem. Finally a recognition of cryptos?

Not really. The IMF put emphasis on the underlying technologies and innovations in association with the supportive foundation of central banks.

Although the crypto space is not only about DeFi, regulators call for the need to protect consumers from the dangers of cyber attacks targeting decentralized finance.

The IMF, as well as global governments, have long talked about the effects of decentralization and the importance of strict regulation if cryptocurrencies are to be adopted globally.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *