Key Takeaways:
- Ploutozfinance was exploited and it led to the gain of ~$365K for the hacker.
- The hack was made possible due to the price oracle manipulation of $DOP in ploutozfinance.
Yesterday Ploutoz finance was exploited and it led to the gain of ~$365K for the hacker. The protocol loss is larger than before. The hack was made possible due to the price oracle manipulation of DOPย in Ploutoz finance. Specifically, the hacker leverages the manipulated DOP as collateral to borrow other assets, including CAKE, ETH, BTCB, etc. The initial funds to launch the hack were withdrawn from TornadoCash. The resulting gains are swapped via paraswap and PancakeSwap, then washed via TornadoCash.
The attacker, who remains unknown, was able to drain the liquidity pools by way of a flash loan attack. A flash loan attack is when an attacker takes out a loan from one DeFi platform or service provider and uses the borrowed money to interact with smart contracts in a way that manipulates prices of DeFi tokens in their favor so that they can subsequently drain a project’s liquidity pool at prices favorable to them.
Flash loans are still a popular way to take advantage of DeFi platforms and contracts. Because exploits do not require attackers to breach the system they are attacking, platforms find it difficult to defend against them. Instead, they demand that the attacker have in-depth knowledge of the system in order to understand how their actions on one end of the platform, or on an external platform, affect other areas of the platform they are exploiting.
There are a plethora of viable ways to earn money through the use of cryptocurrencies nowadays. In the past, many traders would have preferred to simply hold on to their coins, or ‘hold,’ for as long as possible in order to maximize their profits. However, as time passed, new methods such as mining, staking, farming, and others emerged, and many people are now earning significantly more than they were previously.
