A DeFi project was attacked again, with losses exceeding 300,000 US dollars
区块链骑士
2020-04-19 03:38
It may not be the market that hinders the development of DeFi, but security issues.

There is no doubt that decentralized finance (DeFi) has been at the heart of the Ethereum ecosystem over the past year. Unfortunately, building applications on the second-largest blockchain by the market cap of its underlying cryptocurrency is not without its flaws.

A report yesterday indicated that a star DeFi protocol was hacked on April 18, with Ethereum and tokenized Bitcoin taken.

Uniswap is a token exchange protocol based on Ethereum, which is not only different from traditional cryptocurrency exchanges, but also different from ordinary decentralized token exchanges. Uniswap is a set of contracts deployed to the Ethereum network, and all transactions are carried out on the chain.

$300,000 worth of cryptocurrency stolen

According to blockchain developer and DeFi expert Julien Bouteloup, the attackers managed to drain a Uniswap-based pool (market) and, in the process, obtained more than $300,000 worth of ETH and imBTC, a tokenized version of Bitcoin.

“The imBTC Tokenlon pool on Uniswap has been attacked and drained, a simple attack on Uniswap has them stolen over $300,000 in ETH + BTC,” Julien wrote on his Twitter.

The problem is described on Uniswap's GitHub as "liquidity pools may be stolen by certain tokens (such as ERC-777)", and it is classified as a major security vulnerability. The resolution field still reads "The issue is currently under review".

While a postmortem report on the incident has yet to be released, Bouteloup claims that an audit of the Ethereum-based Uniswap protocol 16 months ago described the loophole that let users take some of the cryptocurrency.

According to a GitHub post revealing details of the audit, the exploit involved attackers creating "fake exchanges (pools)" that resembled the original exchange.

From there, attackers can manipulate Uniswap to make the asset in the original pool suddenly very cheap, allowing them to liquidate the asset at a much lower price than its actual market value.

DeFi attack is by no means an isolated case

This isn’t the first time users have exploited a bug in an Ethereum-based DeFi protocol to reap huge profits over the past few months.

In February of this year, the bZx protocol suffered two attacks only a few days apart. The two attacks were not exactly the same, but their gist is as follows:

Users take out large sums of ETH from bZx as "flash loans," in which funds are borrowed and returned in the same transaction.

The ETH is used to buy another Ethereum-based asset, and the users carry out operations that change the price of that asset in other protocols, allowing them to profit from incorrect oracle prices.
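The following is an added example, not code from the original article, Uniswap or bZx. It shows why the spot price of a single constant-product pool is a fragile oracle and how a protocol that reads it can refuse a quote that strays from a reference price. The reserves, the reference price and the 5% threshold are constructed values; the 0.3% fee follows Uniswap v1's pricing formula.

```python
from dataclasses import dataclass

FEE_NUM, FEE_DEN = 997, 1000   # 0.3% fee taken from the input amount (Uniswap v1)
REFERENCE_PRICE = 200.0        # constructed: tokens per ETH from an independent source
MAX_DEVIATION = 0.05           # constructed policy: tolerate at most 5% drift


@dataclass
class Pool:
    """Constant-product pool (eth * token = k) in whole units, for illustration."""
    eth: int
    token: int

    def spot_price(self) -> float:
        """Tokens per 1 ETH implied by the current reserves."""
        return self.token / self.eth

    def swap_eth_for_token(self, eth_in: int) -> int:
        """Sell eth_in to the pool, update reserves, return tokens paid out."""
        in_with_fee = eth_in * FEE_NUM
        out = in_with_fee * self.token // (self.eth * FEE_DEN + in_with_fee)
        self.eth += eth_in
        self.token -= out
        return out


def deviation(spot: float, reference: float) -> float:
    """Relative distance between the pool's spot price and the reference."""
    return abs(spot - reference) / reference


def accept_price(spot: float, reference: float = REFERENCE_PRICE,
                 max_dev: float = MAX_DEVIATION) -> bool:
    """Guard for the consuming protocol: reject quotes outside the tolerance."""
    return deviation(spot, reference) <= max_dev


def price_after_trade(eth_in: int) -> float:
    """Spot price of a fresh constructed pool (1000 ETH / 200000 tokens) after one trade."""
    pool = Pool(eth=1000, token=200_000)
    pool.swap_eth_for_token(eth_in)
    return pool.spot_price()


if __name__ == "__main__":
    for size in (5, 500):      # an ordinary trade vs. one funded by a large loan
        p = price_after_trade(size)
        print(f"{size:>4} ETH in -> spot {p:8.2f}, "
              f"deviation {deviation(p, REFERENCE_PRICE):.1%}, accepted={accept_price(p)}")
```

A trade of 5 ETH moves the quote by about 1% and passes the guard, while a 500 ETH trade in the same transaction pushes the spot price more than 50% from the reference and is rejected.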

The original text comes from bitcoinist, compiled by the BluemountainLabs team, the English copyright belongs to the original author, please contact the editor for Chinese reprint.