Advertisement
Advertisement

DeFi Lending Protocol Ola Finance Exploited for $3.6M

By:
Varuni Trivedi
Published: Apr 1, 2022, 11:02 GMT+00:00

Security breaches are becoming commonplace in DeFi; recently, another exploit was reported just a week after the infamous Ronin hack.

FXempire, Defi, Crypto, hack

In this article:

Key Insights:

  • DeFi lending protocol Ola Finance announced an exploit that allowed an attacker to steal $3.6 million.
  • The attacker took advantage of a reentrancy bug in Ola’s smart contracts.
  • This comes just a week after the exploit of Axie Infinity’s Ronin network. 

It was no April Fool joke for Ola Finance when over $3.6 million were siphoned off the protocol in a recent exploit. DeFi protocols have been an easy target for hackers as more and more security breaches have surfaced over the last couple of years.

Another DeFi hack

On April 1, decentralized lending protocol Ola Finance revealed that it suffered an exploit that allowed hackers to grab $3.6 million worth of cryptocurrencies from the platform.

Ola Finance published a summary of the exploit, revealing that the value stolen from the protocol summed up to around $4.67M in ETH, BTC, and FUSE prices. The attackers managed to steal around 216,964 USDC, 507,216 BUSD, 200,000.00 fUSD, 550.45 WETH, 26.25 WBTC, and 1.24 million FUSE.

PeckShield, a blockchain security firm that worked with Ola to investigate the exploit, disclosed that the attacker took advantage of a ‘reentrancy’ bug in one of Ola’s smart contracts. The hack was made possible due to the incompatibility between Compound fork and ERC677/ERC777-based tokens, which have the built-in callback functions misused to allow reentrancy to drain the lending pool.

Ola’s DeFi protocol operates across various blockchains. In the recent attack hackers targeted its deployment on the Fuse network. Fuse is an Ethereum Virtual Machine-compatible blockchain with around $12.8 million in total value locked (TVL) before the attack.

Hackers Targeting DeFi

The Ola Finance hack comes only a few days after the $625 million exploit of Axie Infinity’s Ronin network. The Ronin hack is one of the largest in DeFi history, where a whopping 173,600 ETH and  25.5M USDC were drained from Ronin bridge just last week.

Furthermore, the reentrancy attack used for the Ola Finance hack isn’t the first one this year. On March 16, attacker siphoned over $11 million from Agave and Hundred Finance by introducing a reentrancy bug and using a flash loan exploit to siphon funds, as reported by FXEmpire.

Even though the Ola Finance hack is relatively smaller than the aforementioned attacks, it reminds us of the multimillion-dollar thefts that are now fairly common in DeFi.

About the Author

A Journalism post-graduate with a keen interest in emerging markets across South East Asia, Varuni’s interest lies in the Blockchain technology. As a financial journalist, she covers metric and data-driven stories with a tinge of commentary, and strongly believes in HODLing.

Advertisement