Avalanche flash loan attack results in $371,000 USDC loss
In the early hours of Tuesday, a flash loan attack was carried out using the Avalanche network. A specific smart contract as well as a number of liquidity providers were the targets of the attack. According to blockchain cybersecurity firm CertiK, the attacker made $370,000 in earnings.
A flash loan attack is a misuse of a platform’s smart contract security where an attacker typically borrows large sums of money without providing any collateral. Then they engage in arbitrage trades to profit from it.
They do this by manipulating the price of a cryptocurrency asset in one market before reselling it almost immediately in another. Attackers normally follow the method with precision and speed, repeating it several times before finishing.
According to CertiK, three possible protocols may have been damaged in Avalanche’s latest breach. The same goes for the DEX Trader Joe platform, the Nereus Finance staking platform, and AMM Curve Finance.
Notably, CertiK’s On-chain security program Skynet detected the attack, which took place at 19:26 UTC on Tuesday.
In recent years, a number of crypto heists have involved flash loans. For example, the Ethereum-based Beanstalk system was compromised in April and around $180 million was stolen. The attacker(s) apparently obtained a flash loan using the Aave loan market, allowing them to store a significant amount of Stalk, Beanstalk’s native governance token. The attacker(s) were able to quickly pass a fraudulent governance proposal that siphoned all protocol funds into a personal Ethereum wallet through the voting power provided by these Stalk tokens.
However, as shown below, the amount of money taken without using flash loans (in purple) increased in August, demonstrating that DeFi criminals do not always take the same path used by Avalanche/Beanstalk hackers .
Avalanche’s DeFi efficiency
Avalanche is not doing well on the DeFi front. For example, the total value of assets locked on its platform has declined over the past six months and was just $1.7 billion at press time, reflecting a daily loss of 4.1%.
Additionally, competing protocols like Solana have been able to show superior numbers, even on the revenue side. Aurum Crypto’s Web3 analyst recently took to Twitter to highlight the aforementioned pattern. Solana had earned around $50,000 a day in fees over the previous three months. The figure for Avalanche, on the other hand, was between $25 and $30,000.
That said, it’s worth mentioning that Solana spends more on security. In other words, there is a wide disparity between the cost and the profitability of the two procedures. The expert tweeted, “Calling the same thing,”