DeFi protocol UniLend Finance exploited for $197,000

The decentralized finance platform UniLend Finance has allegedly suffered an exploit on the Ethereum network, resulting in the loss of approximately $197,000 in assets.

On January 12th, TenArmorAlert, a real-time web3 security company, disclosed that an attacker took advantage of UniLend’s “redeem process” by exploiting a bug in the share price calculation. This manipulation enabled the attacker to falsely inflate their collateral value and illegitimately withdraw funds from the pool.

As a researcher, I discovered an incident in which an attacker used our decentralized finance (DeFi) platform, depositing USDC and Lido Staked Ether (stETH) as collateral. Using this deposit, they borrowed the entire pool’s stETH, only to later redeem their initial investment without returning the borrowed tokens. As a result, the pool was depleted, causing significant losses.

At approximately 11:19:59 AM UTC, the exploit transaction was carried out. Initially, TenArmorAlert estimated the damages at $196.2K. However, a subsequent evaluation from web3 security firm SlowMist revised the total losses to $197.6K.

At the time of publication, UniLend Finance had yet to address the exploit, and a request for further information from crypto.news remained unanswered.

In the past few years, the decentralized finance (DeFi) industry has been a favored target for cybercriminals. As reported by blockchain investigation firm PeckShield, a staggering 60% of all hacking incidents and scams in 2024 were focused on this sector.

As an analyst, I’d recount that one of the most significant cyber-attacks in 2024 was the breach at Radiant Capital, which is believed to have been orchestrated by the infamous Lazarus Group. This incident led to a staggering loss of $50 million. The perpetrators cleverly disguised themselves as a trusted former contractor of the Decentralized Finance (DeFi) protocol. They then infiltrated and deployed malware onto the devices of at least three key members of the project’s development team.

In November 2024, Thala Protocol’s liquidity pools were drained of approximately $25.5 million. This was done by exploiting a weakness in the protocol’s farming contracts, but luckily, the culprit agreed to accept a $300,000 reward and returned all the stolen funds.


2025-01-13 12:04