Decentralized finance (DeFi) protocols have suffered numerous attacks in recent months and another project has lost $20 million to the attackers.
Popsicle Finance suffers an exploit
DeFi platform Popsicle Finance has announced that it has suffered an exploit earlier today. The exploit reportedly led to a loss of $20 million from the decentralized project. This latest development contributes to a worrying trend of DeFi protocols getting hacked.
The Popsicle Finance team announced the hack via a series of tweets, stating that they are aware of the exploits, but their other contracts haven’t been breached.
We are aware of the current exploit to Fragola. We will investigate and publish post mortem.
The other Popsicle Finance's contracts have not been exploited.
If you still have funds in the ETH/AXS, ETH/SLP, ETH/LINK or any EURt Pool please remove them immediately.
— Popsicle Finance (@PopsicleFinance) August 4, 2021
The attacker reportedly utilized flash loans to borrow $30 million in USDT tokens and $32 million in ether (ETH). The funds were used to maximize the effects of the attack. A flash loan attack is a situation where attackers borrow tokens, use them for some functions and repay them in a single transaction.
SushiSwap core developer Mudit Gupta explained that “the hack was complex, but the bug was simple.” Basically, Popsicle doesn’t transfer the reward debt when users transfer their shares. This exposes multiple exploits, one of which was used in the attack.”
Numerous DeFi protocols suffered exploits in 2021
Several DeFi protocols have suffered exploits in 2021, losing millions of dollars to the attackers in the process. In recent weeks, some DeFi platforms such as Chainswap, Bondly Finance, and SafeDollar have lost millions of dollars to attackers.
The DeFi sector is still new, and more work needs to be done to boost the security of the protocols to ensure they don’t fall victims to such attacks.