The hackers allegedly managed to take advantage of the Decentralized Finance Protocol’s savings in the Acropolis of Gibraltar and obtained more than $ 2 million in stablecoins.
On November 12, the company announced on Twitter that it had identified a breach “implemented in a number of smart contracts in utility pools.” Acropolis said the areas targeted by the hackers had already been explored twice and included only the Curve Y and Curve sUSD savings pools.
Ethereum blockchain records show that hackers fled over 2,030,850 Dai using these savings pools. Then the money is transferred to another address.
After that, Acropolis posted a statement on its website stating that “most of the money” is safe and will stop all stable coin combinations. The company added that they “studied ways” to compensate the affected users.
Anna Andrianova, founder and CEO of Akropolis, disputes claims that the attack was similar to the decentralized protocol from Harvest Finance in October. At the same time, the hackers managed to use more than $ 24 million from the DeFi project complexes and replace them with renBTC (rBTC). Acropolis said the exploited vulnerability was “a combination of an attack again with the creation of a dYdX flash credit.”
CertiK, the security company that audited Acropolis smart contracts, appears to have missed two attack vectors that the hackers used in this case. The company allegedly also controlled the bZx lending protocol, which has been attacked three times this year.
Data from encryption analysis firm CipherTrace on Tuesday shows that while hacking of decentralized finance protocols was “almost minimal” in 2019, it now accounts for 20% of cryptocurrency losses from theft and piracy.
“The rise of DeFi ultimately attracted criminal hackers, which led to the most hacks in the sector this year,” the report said.