Saturday, November 28, 2020

Cheese Bank’s multi-million dollar hack explained by security firm

Must Read

Bitcoin carnage, Eth2 milestone, Libra launch, PayPal blunder: Hodler’s Digest, Nov. 21–27

Coming every Saturday, Hodler’s Digest will help you track every single important news story that happened this week. The best (and worst) quotes, adoption...

Bitcoin relief rally is underway — Can BTC price reclaim $18K?

Bitcoin (BTC) price dropped severely in the previous week, falling from $19,500 to $16,000. Corrections never occur smoothly as dropdowns are frequently sudden and...

Why institutions suddenly give a damn about Bitcoin

Without a doubt, Bitcoin (BTC) has become an increasingly popular asset to own among institutional investors. By the end of the second quarter of...

Everyone Should Own Bitcoin, Tether Grows, Ethereum City, Bitcoin Web Show & Ethereum On TRON

Protect And Store Your Crypto With A Ledger Nano: ------------------------------------------- NEW CHANNEL: I also play video games! ------------------------------------------ Rich Dad Poor Dad: Computer I Use To Record: Headphones I Use: Chair I...

An Ethereum-based decentralized finance, or DeFi, platform known as Cheese Bank recently suffered a $3.3 million loss — the product of an early-November hack. The thieves utilized a somewhat newly-found weakness in the DeFi sector which harnesses flashloans. The Cheese Bank thieves stole the cheddar via U.S. dollar-pegged stablecoins USD Coin (USDC), Tether (USDT) and Dai (DAI). A number of other platforms have also suffered similar fates in recent days.

“In the string of attacks, we have seen malicious actors use flash loans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens so they can artificially manipulate the price of a specific token on a single exchange (e.g., Uniswap, Curve),” blockchain security firm PeckShield said in a blog post on Monday after citing Value DeFi and Akropolis as two other recent similar DeFi hacks. 

“This sequence is essentially the foot in the door, allowing the attacker to then exploit that exchange’s anomalous pricing.”

Value DeFi suffered a hack similar to Cheese Bank a few days ago. A sly character pilfered $6 million from the blockchain-based protocol, also harnessing USDC, USDT and DAI in conjunction with the effort.

Flash loans, a function of the DeFi ecosystem, seem to offer a hole of sorts through which to steal funds. Malicious parties also recently hacked Akropolis, which serves as another similar incident.

Referring to the Cheese Bank hack in early November, the PeckShield post detailed: “This particular hack drains $3.3 million of USDC/USDT/DAI from Cheese Bank by exploiting a bug in its way to measure asset price from an AMM-based oracle.” The nefarius parties stole the funds on Nov. 6.

Crypto’s DeFi niche has exploded in 2020, representing the latest intra-sector bubble. Uniswap serves as a popular DeFi exchange. The sector cooled for a period amid Bitcoin’s soaring price, although DeFi hype appears to be picking up once again.