The Decentralized Finance Project Akropolis is the latest victim of a rapid loan attack
Hackers have exploited Akropolis’ economic pools and stolen more than $2 million in DAI.
“At ~ 14: 36 GMT, we noticed a discrepancy Bitcoin Superstar in the APYs of our stablecoin pools and identified that ~ 2.0 million DAIs were drained from yCurve and sUSD pools,” Akropolis reported in a statement
It is reported that contract address 0xe2307837524Db8961C4541f943598654240bd62f, carried out a series of dYdX flash lending attacks on the sUSD and YCurve pools.
“The essence of the exploit in question is a combination of a re-entry attack with dYdX flash loan origination”.
The hacker did not retain the funds after the exploit. The stolen $2 million DAI was immediately routed to a different address.
It seems the attack took the platform by surprise. The Gibraltar-based decentralised financial protocol states that the pools were audited by two companies and the attack vectors used were not identified in both audits.
The Akropolis team has posted an update saying a post-mortem analysis is on its way. The team also added that it was looking for ways to reimburse the affected users in a way that would not end up undermining the protocol.
Akropolis said most of the funds in the protocol were safe as Compound USDC, Compound DAI, AAVE bUSD, AAVE sUSD, sBTC Curve and bUSD Curve were not affected in the exploit. Other intact staking pools were ADEL and Native AKRO.
The DeFi protocol paused all stablecoin pools and notified the exchanges on the exploit. Discussions between Akropolis and security experts are also ongoing as the platform reviews its security system for the expected assessment.
Akropolis founder Ana Andrianova refuted allegations circulating on social networks that the exploit was carried out in the same way as Harvest Finance last month. Harvest Finance suffered a $34 million loss in stable reserves of USDC and USDT in another quick loan exploit. Another similar incident is the bZx margin trading platform, which lost $350,000 earlier this year.