The biggest problem of DeFi-focused altcoin projects is malicious hackers chasing vulnerabilities in protocols. So much so that thousands of users are victimized every month, and we have even seen the teams behind altcoin projects conduct “rug pull” or “honey pot” operations. The latest hack is Flurry Finance…
Another DeFi altcoin project is the latest victim of cybercriminals
Multiple reports claim that approximately $290,000 was stolen from Flurry Finance vault contracts, causing the firm to suspend all rhoToken smart contracts on its platform, as well as all rhoToken smart contracts on Polygon and Binance Smart Chain (BSC).
According to the investigation, the hacker created a PancakeSwap pair for RhoToken against the Binance stablecoin and started a malicious contract on the protocol (BUSD). The malicious contract code known as “FlurryRebaseUpkeep.performUpkeep()” relies on all RhoToken update multipliers. The illegal update took the form of a “flash loan” and all tokens from the bank contract were not refunded, resulting in a low balance and a low multiplier. The attacker later returned the loan. Reports reveal that the hacker executed a second transaction, this time depositing tokens with a lower multiplier and then updating the multiplier to a higher amount.
The multiplier was then used to withdraw money.
As the multiplier is one of the main reasons for the growth in the RhoToken balance, the balance of the attacker has also increased. As a result, they were able to get more out of the pool than they deserved, and the practice was repeated many times, resulting in more than $290,000 in losses. It is worth noting that the attackers only targeted FinanceRabbit Strategy. Flurry Finance said that all smart contract activity is paused for RhoTokens across all networks to prevent problems from getting worse. It was also stated that investigations are continuing and an update will be made as soon as possible. During the operation, FLURRY experienced 20% volume loss. It can be seen from the chart below that it has found buyers again at low prices.
Publishing crypto hack on DeFi platforms
Hackers are always on the prowl looking for flaws in various decentralized financial ventures. Malicious hackers take millions of dollars every year not only from sensitive businesses but also from investors.