Wise Lending Suffers $440k Exploit; Decentralized Finance Losses Mount in 2024
Summary:
Wise Lending, a Web3 lending app and yield aggregator, was compromised in an exploit draining 170 Ether (ETH), worth $440,000. The attacker is speculated to have manipulated an oracle price using a flash loan, affecting multiple tokens. A loan of 1,110 Lido Staked Ether (stETH) tokens from AAVE lending protocol was linked to the exploit. Blockchain security researchers point to a potential association between the vulnerability and a new Pendle Finance derivative token. The year 2024 has already recorded significant losses in decentralized finance (DeFi) protocols, with over $5 million lost via exploits.
The Web3 Loan Application and aggregator of yield, Wise Lending, underwent an assumed exploit on January 12, which resulted in a loss of 170 Ether (ETH), valuing roughly $440,000, as testified by various cybersecurity specialists. It is believed that an oracle price was tampered with through a flash loan to trigger the exploit. Blockchain details reveal that the exploit occurred at 07:29 pm UTC. The funds were extracted using an uncertified contract, identified by the ending address d82c. Several tokens were shifted into these contracts, comprising $9,000 in USD Coin (USDC), $2,000 in Tether (USDT), $5,000 in DAI, 18.51 Wrapped Ether (WETH) ($47.694), along with numerous tokens associated with Pendle Finance.
In the course of the exploit, the attacker took a loan of 1,110 Lido Staked Ether (stETH) tokens worth $2.9 million from the AAVE lending protocol. A common tactic of exploiters is the usage of flash loans to tamper oracle prices.
Spreek, an anonymous blockchain security researcher, alerted the crypto populace about the attack, stating that Wise Lending suffered an exploit leading to a loss of approximately 170 eth. In a comment on their own post, Spreek proposed that Pendle Finance's new derivative token might be linked with the vulnerability. Another cybersecurity expert known as Officer’s Notes, shared Spreek's post maintaining that exploits occur daily. As per Officer’s Notes, a price swing of around 7% between stETH and Ether (ETH) inside a specific pool might have triggered the vulnerability. This price change was supposedly due to an "AAVE v2 stETH flashloan."
Despite the fact that the year 2024 has just begun, existing records suggest that decentralized finance (DeFi) protocols have already suffered a loss of around $5 million due to exploits. On January 3, Radiant Capital suffered a setback of more than $4.5 million. The next day, Gamma Protocol, a liquidity manager, lost over $400,000 in another exploit. According to the blockchain security platform Certik, the year 2023 recorded the loss of $1.8 billion via crypto frauds, exploits, and hacks.
Published At
1/13/2024 12:48:32 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.