New Free decentralised autonomous organisation (DAO), a decentralised finance (DeFi) protocol, has been at the receiving end of flash loan attacks in September, which resulted in a reported loss of $1.25 million. Post the attack, the price of the native token has seen a 99% drop, as reported by Cointelegraph.
On the basis of information by Cointelegraph, many DeFi protocols provide flash loans to allow users borrow large amounts of assets without any form of collateral deposits, with the condition that the loan’s payback must be done at one go and within a given period of time. However, the feature has faced exploitations by malicious entities to gather assets to lauch costly exploitations which target DeFi protocols.
According to Cointelegraph, blockchain security firm Certik warned the cryptocurrency community regarding the 99% slippage of the NFD token due to a flash loan attack. Reportedly, the attacker deployed an unverified contract and called it addMember(), to add itself a member. Later, the attacker performed three flash loan attacks through help of the unverified contract. The attacker had borrowed 250 WBNB worth $69,825 through a flash loan, and made the swap for airdrop rewards for WBNB benefitting 4,481 BNB. Out of the 4,481 BNB, the attacker gave back the borrowed loan (250 BNB) and made the swap for 2,000 BNB, for 550,000 BSC-USD. Later, update came in of the attacker moving 400 BNB to the coin mixer Tornado Cash.
Moreover, Cointelegraph noted that flash loan attacks have increased in popularity among hackers due to factors such as low risk, low cost, high reward, among others. In September, Avalanche-backed lending protocol Nereus Finance was victimised on account of a flash loan attack, which resulted in a loss of $371,000 in USDC. Previously, Inverse Finance lost $1.2 million in another flash loan attack.
(With insights from Cointelegraph)