Decentralized finance (DeFi) platform Vee Finance has reported it was exploited for a total of 8804.7 Ethereum (around $26.2 million) and 213.93 Bitcoin (around $9 million), temporarily suspending services.
Vee Finance is a lending and borrowing protocol built on the Avalanche blockchain that offers both flexible and fixed returns on crypto deposits. In less than a week since its launch on September 14, the platform boasted that the total value of assets locked surpassed $300 million.
After today’s news, that sum is now atleast $35 million lower.
In the original incident announcement on Tuesday, Vee Finance said that on September 20 the team noticed “a number of abnormal transfers,” sharing both the attacked address and the address used by the hacker to send stolen funds.
Following the incident, the team suspended the platform’s smart contracts “to ensure the safety of more users’ assets,” while also halting the deposit and borrow function.
Additionally, in a tweet addressed directly to the supposed hacker, Vee Finance said they were willing to launch a bounty program for the bug they identified, urging the attacker to contact the team.
Dear Mr/Ms 0x**95BA,
This is VEE Finance team, we’re willing to launch a bounty program for the bug you identified. Please connect us via email or other contact you prefer.https://t.co/24R5XuSDDS pic.twitter.com/HwSNRi838g— vee.finance🔺 (@VeeFinance) September 21, 2021
Once the incident was made public, the protocol’s native VEE token plummeted from a 24-hour high of $0.235 to the local low of $0.087, before recovering to $0.12 by press time, per CoinGecko.
Vee Finance funds safe?
In a consequent blog post, Vee Finance stressed that the platform’s stablecoins sector was not affected by the attack; however, the team couldn’t confirm that user funds were safe.
“According to address monitoring, the attacker has not yet transferred or processed the attacked assets any further,” Vee Finance said. “We are actively dealing with it and have proactively communicated to the attacker on the chain.”
Additionally, the project informed that it contacted smart contract auditors and exchanges “to locate the attacker and assist in recovering the assets.”
This is the second attack on a project built on Avalanche over the past ten days, as Zabu Finance was exploited for $3.2 million on September 12 in what analytics provider DeFiprime claimed to be the “first big exploit” on the network.
It also follows a series of other hacking incidents that hit the DeFi space in recent days, including a $3 million attack on SushiSwap’s token platform MISO and a $12 million exploit of pNetwork, a Binance Smart Chain-based interoperability protocol.