Optimism-Powered Credit Market Hack Millions in Ethereum (ETH) Stolen.
In a significant cyber incident, an Optimism-based (OP) decentralized credit market protocol fell victim to a hack resulting in the loss of millions of dollars in Ethereum (ETH). De.Fi’s security team, a cornerstone of the web3 protocol, reported the breach, revealing that bad actors exploited Exactly (EXA), an open-source credit market project, to make off with approximately $7.2 million worth of ETH.
The exact mechanics of the hack involved the perpetrators managing to bridge around 1,490 ETH using the Across Protocol, along with 2,832.92 ETH via the Optimism Bridge. Following an in-depth investigation into the Exactly protocol breach, it was concluded that the stolen amount currently totals around $7.2 million (equivalent to 4,323.6 ETH).
To address the breach, Exactly temporarily paused its protocol while a thorough examination of the issue is carried out. This pause, however, doesn’t hinder investors from withdrawing their funds. A statement from the Exactly team regarding the situation read, “We’re actively investigating a security issue within our protocol. To ensure user safety, the protocol is temporarily paused (you can still withdraw assets). Our team is on top of this and will share more details as soon as possible.”
Blockchain security experts at Beosin shed light on the method the hacker used to bypass the protocol’s security measures. The root cause of the exploit was identified as the manipulation of the market address in the DebtManager contract. The attacker cleverly inserted a malicious market contract address, evading the permit check, and executed a deceitful deposit function, allowing them to pilfer the USDC deposits made by users. Eventually, they liquidated users’ assets to reap profits.
This breach took a toll on the value of EXA, which experienced a sharp decline in the last 24 hours. As of the time of writing, EXA is trading at $4.28, reflecting a significant 32% drop over the past day. The incident serves as a stark reminder of the vulnerability of decentralized systems in the face of sophisticated cyber threats.
Disclaimer: The information provided in this article is for informational purposes only and should not be construed as financial or investment advice. Cryptocurrency investments are subject to market risks, and individuals should seek professional advice before making any investment decisions.