Key takeaways:
- Multiple security experts report that Wise Lending was purportedly exploited and deprived of 170 Ether, which is currently valued at $440,000.
- As part of the hack, the attacker took 1,110 Lido Staked Ether (stETH) tokens, worth $2.9 million, from the Aave lending protocol.
Multiple security experts report that on January 12, Wise Lending, a Web3 lending software and yield aggregator, was purportedly exploited and deprived of 170 Ether, which is currently valued at $440,000.
To execute the hack, it’s possible that the exploiter used a flash loan to influence the pricing of an Oracle. The attacker utilized an unconfirmed contract with an address ending in d82c to drain the cash.
This contract contains a number of tokens, including USD Coin valued at $9,000, Tether valued at $2,000, Dai valued at $5,000, 18.51 Wrapped Ether (WETH) ($47.694), and many tokens related to Pendle Finance.
As part of the hack, the attacker took 1,110 Lido Staked Ether (stETH) tokens, worth $2.9 million, from the Aave lending protocol. Flash loans are a standard tool used by scammers to influence Oracle pricing.
The attack against X (previously Twitter) was brought to the attention of the cryptocurrency community by pseudonymous blockchain security researcher Spreek, who stated:
โLooks like Wise Lending exploited for ~170 eth.โ
Spreek hypothesized that a new Pendle Finance derivative token might have been connected to the vulnerability in response to their own post.
Officer’s Notes, a different security researcher, commented, “Another day, another exploit,” when they shared the report. The officer’s Notes state that a 7% price swing between stETH and ETH inside a certain pool may have contributed to the vulnerability “b/c of AAVE v2 stETH flash loan.”
Decentralized finance (DeFi) procedures have only recently begun in 2024, but exploits have already cost them at least $5 million. Over $4.5 million was stolen from Radiant Capital on January 3. The liquidity management Gamma Protocol suffered a loss of almost $400,000 due to an exploit the next day.
According to blockchain security provider Certik, over $1.8 billion was lost in 2023 as a result of cryptocurrency hacks, scams, and attacks.