In the latest major hack attempt against Avalanche (AVAX), a blockchain-targeted flash loan attack allowed its unknown perpetrator to steal up to $370,000 worth of USD (USDC) coins, according to a recent announcement by CertiK Alert.
“Possible impacted protocols include: @nereusfinance, @traderjoe_xyz, @CurveFinance,” according to the tweet.
A flash loan allows any available amount of assets to be borrowed from a designated smart contract pool without placing collateral. Flash loans are useful features for decentralized finance (DeFi) building blocks, and they can be used for a number of activities such as arbitrage, collateral exchange, as well as self- liquidation.
In response to the original thread, user Eduardo, who says he is affiliated with DeFi platform Abracadabra.money, tweeted that, according to him, the latest development “appears to be an unauthorized fork of Abracadabra’s code run by @nereusfinance”.
Avalanche attack is the latest DeFi exploit in a continuing trend
A recent release report by blockchain analytics company On-chain analysis indicates that the astonishing rise in funds stolen from decentralized finance (DeFi) protocols, a trend that began in 2021, is continuing this year.
“DeFi protocols are particularly vulnerable to hacking, as their open source code can be studied ad nauseam by cybercriminals looking for exploits (although this can also be useful for security as it enables auditing of the code), and it is possible that the protocols’ incentives to reach the market and grow rapidly lead to gaps in security best practices,” according to the report.
“Additionally, much of the value stolen from DeFi protocols can be attributed to bad actors affiliated with North Korea, especially elite hacking units like Lazarus Group.
We estimate that so far in 2022, North Korea-affiliated groups have stolen approximately $1 billion worth of cryptocurrency from DeFi protocols,” Chainalysis said.