Cryptocurrency borrowing and lending service Akropolis says a hacker used a “flash mortgage” assault in opposition to its platform and stole roughly $2 million value of Dai cryptocurrency.
The assault befell yesterday afternoon (GMT timezone), and Akropolis admins paused all transactions on the platform to stop additional losses.
Akropolis says that whereas it employed two companies to analyze the incident, neither firm was in a position to pinpoint the assault vectors used within the exploit.
Nonetheless, the intrusion was recognized as a “flash mortgage” assault.
Flash mortgage assaults have change into widespread in opposition to cryptocurrency providers operating DeFi (decentralized finance) platforms that enable customers to borrow or mortgage utilizing cryptocurrency, speculate on worth variations, and earn curiosity on cryptocurrency savings-like accounts.
Flash mortgage assaults happen when hackers mortgage funds from a DeFi platform (like Akropolis) however then use exploits within the platform code to flee the mortgage mechanism and get away with the funds.
These assaults have been rising in numbers since early February this yr, and one of many largest flash mortgage assaults befell final month, in October, when hackers stole $24 million value of cryptocurrency belongings from DeFi service Harvest Finance.
The excellent news is that Akropolis says it has already recognized the attacker’s Ethereum account, which might enable it to trace funds as they transfer across the blockchain.
The DeFi platform says it already notified main cryptocurrency exchanges concerning the hack and the attacker’s pockets in an try and have funds frozen and stop the attacker from laundering funds into different types of cryptocurrencies, lose the investigators’ tracks, and money out the funds.
Akropolis stated it’s presently exploring methods to reimburse customers for the loss.