An altcoin that aims to revolutionize the DeFi space has been hit by a massive “flash loan” attack. After the attack, the price of the cryptocurrency fell by over 90%. For those who don’t know, flash loans allow you to borrow large amounts of money without having to provide any upfront collateral. These loans usually come to the advantage of malicious people. Because they can use flash loans to launch attacks on DeFi protocols.
This DeFi altcoin has been hit by a massive flash loan
New Free DAO, a decentralized finance (DeFi) protocol, faced a series of flash loan attacks on Thursday. As a result, $1.25 million worth of altcoin assets were lost. After the attack, the price of the project’s native token NFD dropped 99%.
Blockchain security firm CertiK also announced this flash loan attack to its users. CertiK shared that the attacker distributed an unverified contract and used the “addMember()” function to add himself as a member. The attacker then carried out three flash loan attacks with the help of the unconfirmed contract.
How did the attack take place?
The attacker first borrowed 250 Wrapped BNB (wBNB) worth $69,825 on a flash loan. He then traded them all for the platform’s altcoin asset NFD. He then used the contract to repeatedly claim the airdrop rewards. Thus, he was able to create multiple attack conventions. After doing that, it replaced all the airdrop rewards with wBNB at the equivalent of 4481 BNB.
The attacker returned the loan borrowed 250 BNB from 4481 BNB. He then exchanged 2,000 BNB for 550,000 BSC-USD, the blockchain’s Binance-Peg token. The attacker then moved 400 BNB to the popular token mixing service Tornado Cash. Blockchain expert Joe Green, who works at Certik, explained the reason for the attack. Accordingly, the attack was prompted by an unverified smart contract distributed by the New Free DAO. However, “we don’t know the root cause, as the award contract has not been verified.” he added.
The hacker also attacked another altcoin project
CertiK also talked about the hacker behind the flash loan attack on NFD. Accordingly, the attacker said he was linked to the attack on Neorder (N3DR) earlier in the year. Beosin, another blockchain security firm, stated that the same person could be behind both attacks. CertiK confirmed the same thing and said:
“The funds stolen from the N3DR attack were sent to EOA 0x22C9, the wallet that received the stolen funds from this attack.”
What is a flash loan attack?
Unlike regular loans, several DeFi protocols allow users to borrow substantial sums without depositing any upfront collateral. This service is called “flash loan”. The only condition in flash loans is that the loan is returned in a single transaction within a certain period of time. However, this feature is often used by malicious enemies lately. With this service, attackers exploit vulnerabilities in DeFi protocols by obtaining large amounts of them. Popular altcoin Avalanche was also recently hacked, as we reported on Kriptokoin.com.