DeFi protocol Akropolis, established to arouse interest in Ethereum-based assets, was hacked with flash credit. Roughly $ 2 million worth of DAI was evacuated from several of the project’s pools.
In a statement released on the evening of November 12, the project said, “We noticed a discrepancy in the APYs of our Stablecoin pools and we determined that ~ 2.0 million DAIs were discharged from yCurve and sUSD pools.” As is known, Curve is a protocol used to trade stablecoin and earn interest. According to the Acropolis, other Curve pools (bUSD and sBTC) as well as Aave and Compound pools were not affected by the attack.
The attacks surprised the Acropolis, who said the pools had gone through two independent inspections. The protocol said, “However, the attack vectors used could not be identified in both checks. “The core of the exploit is a combination of dYdX flash credit generation and a re-login attack,” he explained. The hacker did not keep the stolen money for long and immediately transferred the earnings to another wallet.
Akropolis is committed to reviewing the code and “discovering ways to compensate users for their losses for the project in a sustainable way”. In doing so, he paused all stablecoin pools and announced that he was exchanging information on the hacking.
Attacks on DeFi Projects Increase
Late last month, Harvest Finance lost nearly $ 34 million in reserves of USDC and USDT stablecoin due to the flash credit attack. Earlier in the year, bZx’s margin trading platform was targeted for $ 350,000 exploitation.
As a result of these attacks, the protocol’s governance token AKRO lost 20% in value.