Avalanche Smart Contract Exploit Steals $371K in USDC


Avalanche-based lending protocol Nereus Finance is the latest victim of a smart contract exploit, with the hacker walking away with a net $371K worth of USD Coin (USDC).

The exploit was first reported by CertiK, a blockchain cybersecurity firm, on September 6. The firm indicated that the attack impacted liquidity pools on Nereus relating to decentralized exchange Trader Joe and automated market maker Curve Finance.

CertiK also claimed that the underlying protocols themselves had been impacted. However, Curve Finance quickly cleared that up by responding, “maybe you meant ‘assets impacted,’ not ‘protocols impacted’. Only @nereusfinance and its assets seem impacted.”

A detailed post-mortem of the incident was posted by Nereus Finance on September 7, which said that an exploiter was able to deploy a custom smart contract that used a $51 million flash loan from Aave to artificially manipulate the AVAX/USDC Trader Joe LP (JLP) pool price for a single block.

This resulted in the exploiter minting 998,000 worth of NXUSD (Nereus’ native token) against collateral worth $508,000. The exploiter then swapped this capital for different assets through various liquidity pools and managed to walk away with a net profit of $371,406 once the flash loan was returned.

Nereus Finance says that they reacted quickly and consulted security experts, developed a mitigation plan and informed law enforcement. They also liquidated and paused the exploited JLP market.

The incident left the NXUSD protocol with bad debt due to the creation of $500,000 of NXUSD. The team said that it paid off the bad debt with NXUSD from its own treasury. The team also announced that the lending and borrowing protocol ‘was not affected by this exploit.’

The post-mortem states that the incident occurred because of a missed step in the price calculation, which left it open to exploitation.
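To show why an LP-token price read from pool reserves within a single block is fragile, the following added example compares a spot-reserve valuation with the commonly used "fair LP price" formula for a constant-product pool, plus an oracle-deviation guard. It is not Nereus Finance's code and does not reconstruct the specific missed step, which the post-mortem summary above does not detail; all function names and figures are constructed for illustration.

```python
from math import sqrt

# Constructed sample pool (not the incident's real figures): AVAX/USDC
# constant-product pool, external oracle prices in USD.
AVAX_USD, USDC_USD = 20.0, 1.0
R_AVAX, R_USDC, LP_SUPPLY = 1_000_000.0, 20_000_000.0, 4_000_000.0

def swap(r_in, r_out, amount_in, fee=0.003):
    """Constant-product swap (x*y=k); returns the new (r_in, r_out)."""
    effective = amount_in * (1 - fee)
    amount_out = r_out * effective / (r_in + effective)
    return r_in + amount_in, r_out - amount_out

def lp_price_spot(r0, r1, p0, p1, supply):
    """Fragile: values the LP token from reserves as they stand right now."""
    return (r0 * p0 + r1 * p1) / supply

def lp_price_fair(r0, r1, p0, p1, supply):
    """Fair LP price: depends on reserves only through k = r0*r1,
    which a swap cannot change apart from the fee it pays in."""
    return 2 * sqrt(r0 * r1 * p0 * p1) / supply

def pool_deviates(r0, r1, p0, p1, tolerance=0.02):
    """Guard: True if the pool-implied price strays from the oracle ratio."""
    implied = r1 / r0          # token1 per token0 according to the pool
    reference = p0 / p1        # same ratio according to the oracles
    return abs(implied / reference - 1) > tolerance

def skewed_reserves(usdc_in=60_000_000.0):
    """Reserves after one large same-block USDC->AVAX swap (constructed size)."""
    r_usdc, r_avax = swap(R_USDC, R_AVAX, usdc_in)
    return r_avax, r_usdc

if __name__ == "__main__":
    for label, (ra, ru) in [("balanced", (R_AVAX, R_USDC)),
                            ("skewed", skewed_reserves())]:
        print(label,
              round(lp_price_spot(ra, ru, AVAX_USD, USDC_USD, LP_SUPPLY), 2),
              round(lp_price_fair(ra, ru, AVAX_USD, USDC_USD, LP_SUPPLY), 2),
              pool_deviates(ra, ru, AVAX_USD, USDC_USD))
```

With these constructed numbers the spot valuation more than doubles while the fair valuation moves by about 0.1%, which is the swap fee paid into the pool, and the deviation guard trips only on the skewed reserves.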

Nereus Finance reassured users that the team will amend its “audit and security practices in order to ensure these types of events do not occur in the future.”

The Nereus team says that they are working on identifying the exploiter and are offering a “20% White Hat reward for the return of the funds.”

Compiled by Coinbold
