In brief

  • Warp Finance will return $5.85 million worth of user funds in the form of liquidity provider tokens.
  • The project was hacked for $8 million last week.
  • Warp would additional issue IOU tokens for users, but hackers still hold the stablecoin funds.

DeFi project Warp Finance said Sunday its efforts to recover stolen funds from last week’s $7.7 million hack were partially successful, with over $5.85 million recovered as of this morning.

The project is a decentralized lending platform that allows users to deposit Liquidity Provider (LP) tokens—issued to users who provide liquidity on decentralized exchanges like Uniswap—and take out stablecoin loans (against the LP tokens as collateral).

Warp said it was able to recover the liquidity provider tokens that represented the collateral for $5.85 million. “We successfully recovered the exploiter’s loan collateral in the form of ETH/DAI-LP tokens. The value is approximately $5.85m, which is ~75% of the $7.76m lost funds,” it said in a statement.

The project said it would distribute the recovered funds to affected users in the next 24 hours. The amount would be proportional to 75% of the liquidity token amount deposited by users, as the $7.7 million in stablecoins (held by the hacker) have still not been recovered.

Apart from victims, Warp said it would also compensate users who deposited liquidity tokens after the attack and endured a loss. And as an additional gesture, the project added it would issue a “Portal IOU” token in the coming days to fully make up for the victims’ losses (and potentially even make a profit).

With a promising model, Warp Finance attracted millions of dollars' worth of liquidity provider token deposits from users since its launch in early November. However, a complex attack involving a faulty “oracle”—a third-party service that fetches verified data from various sources to a blockchain—was conducted last week and the hackers were successfully able to withdraw a $7.7 million loan, as several on-chain researchers pointed out.

The attack was one in a series of hacks against DeFi projects that saw hackers manipulating oracles to trick such protocols into unlocking a far greater amount (for the hackers) than what their staked collateral allowed.

DeFi projects have since improved security measures and implemented changes to fend off oracle-led hacks. But the attackers have been one step ahead so far.