Warp Finance has suffered a flash loan attack. According to the team, the attacker was able to suck nearly $8 million worth of stablecoins from the platform by borrowing more than they were ostensibly allowed to.

"The exploiter was able to remove $7.7m of stablecoins," tweeted the lending platform on Thursday evening. "The team has a plan to recover approximately $5.5m that is still secured in the collateral vault. Upon successful recovery, these will be distributed to users who experienced a loss."

Chainlink co-founder Sergey Nazarov at EthCC in Paris, 2019 (Image: Decrypt)

Why DeFi Flash Loan Attacks Will Keep Happening: Chainlink Co-Founder

Chainlink co-founder Sergey Nazarov has said that hackers will continue to come after DeFi protocols unless they change the way they get their price information.  His comments on the Decrypt Daily podcast, published Friday, come after DeFi protocols lost over $100 million in a string of flash loan attacks that attacked Compound ($89 million), Harvest Finance ($34 million) and Cheese Bank ($3.3 million).  The projects were subject to oracle exploits in which the price of stablecoins held in the...

NewsDeFi
2 min read
Mat Di Salvo

Warp had earlier in the evening recommended that users not deposit stablecoins as it investigated "irregularities."

The protocol announced itself at the end of October—and the platform officially launched on December 9—just eight days ago, making this a harsh introduction to the world of DeFi, where smart contracts stand in for banks.

A flash loan attack involves involves borrowing collateral and returning it in a single transaction after using it to manipulate price. White hat hacker Emiliano Bonassi reviewed the attack and believes it actually involved multiple "flash swaps" to three liquidity pools on decentralized exchange Uniswap—one each for Wrapped BTC, USDC, and USDT—as well as two loans from crypto trading platform dYdX involving Ether and DAI.

Flash loan attacks have been to blame for a series of recent losses on DeFi protocols, including an $89 million attack on Compound and a $34 million attack on Harvest Finance.

Warp has promised to publish a more detailed post-mortem in the coming days.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.