Hackers attacked decentralized exchange (DEX) QuickSwap today, making away with $220,000 in a flash loan exploit.
The DEX said Monday that it had closed QuickSwap Lend, its lending protocol, following the exploit. It added that the only platform hit by an exploit was its Market XYZ lending market.
Users also didn’t lose any funds, according to the DEX. Flash loans, popular in the world of DeFiDeFi (decentralized finance), allow crypto users to take out instant loans without collateral.
⚠️QuickSwap Lend is closing⚠️
🔗$220k was exploited in a flash loans attack due to a vulnerability with the Curve Oracle, which @marketxyz was using
☣ Only the Market XYZ lending market was compromised. QuickSwap's contracts are unaffected
But they are prone to exploits—like QuickSwap’s today. Flash loan exploits—which happen a lot in DeFi—are when a highly capitalized bad actor manipulates the price of an asset by taking out lots of loans, and then quickly sells back the borrowed capital to earn a profit.
Blockchain security firm PeckShield posted details of the exploit. A few hours later, the hackers were using sanctioned coin mixer Tornado Cash to hide the origin of the funds, according to Etherscan data.
People use QuickSwap to swap tokens. As a DEX, it requires no sign-up (unlike a centralized exchange like Coinbase) and has no middle-man—so anyone can use it.
QuickSwap is a fork of the Uniswap DEX, one of the biggest DeFi apps in the crypto space. But unlike Uniswap, it doesn’t run on Ethereum but Polygon, the blockchain which hosts the 12th biggest cryptocurrency, MATIC.
Even if you’re relatively new to crypto, you may have bought or traded Bitcoin, Ethereum and other assets on a cryptocurrency exchange. Exchanges like Binance and Coinbase are some of the most successful businesses in the crypto space; Coinbase, one of the leading exchanges, went public in a direct listing earlier this year. Binance, Coinbase, Gemini, Kraken, and others are called "centralized exchanges," since one company operates them and reaps profit from operating them.
The Ultimate Beginner...
DEXs are vulnerable to flash loans and other hacks, though, and as users are completely in control of their funds, there is no insurance—as there would be on a centralized exchange.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Developers have proposed a network upgrade for Dogecoin, which experts say could result in an explosion of activity on the meme coin’s blockchain as games, apps, and and new protocols are deployed.
Put forward by DogeOS, the team behind the MyDoge wallet, the proposal nicknamed OP_CHECKZKP would introduce zero-knowledge proofs and enable zk-rollups, a form of layer-2 scaling network, as a way to boost scalability, decentralization, and security for the Dogecoin network.
“The proposal transforms...
It was launched as an exclusive cryptocurrency, only for those with deep pockets. But after a vote, now the average Joe will soon be able to buy President Trump-backed WLFI from exchanges.
The native token of World Liberty Financial will soon be available for trading to "begin the next phase of community ownership and engagement," according to its website.
WLFI is World Liberty's native governance token. In the crypto space, holders of a governance token can vote to make changes to how the proj...
A blockchain researcher accidentally burned approximately $58,000 worth of Pump.fun’s PUMP token on Solana—but he told Decrypt that he isn’t “sad or angry” about the costly mistake.
The mistake came after he bought $40,000 worth of the token in Pump.fun’s sought-after token sale on Saturday, which sold out in just 12 minutes. Once the token launched, PUMP debuted at a price of $0.005827, which is 45% higher than its ICO valuation, bringing the unlucky trader’s losses to a total of $58,270.
On Su...