Ola Finance lost $3.6 million in an attack on its loan product on Fuse Network.
An anonymous hacker exploited a vulnerability in the protocol’s smart contract. Lending protocol Ola Finance was hacked today on Fuse Network, one of the many blockchains it works on, and the attacker has seized an estimated $3.6 million.
The incident started with a common issue known as a re-entry error, involving a smart contract vulnerability that allowed hackers to make repeated calls to the protocol to steal assets. Just a few weeks ago, two DeFi protocols on Gnosis Chain, Hundred Finance and Agave, had lost more than $11 million in customer funds in rapid credit attacks from re-entry failures
Security firm PeckShield told The Block that the Ola Finance hacker first had its own He said he started by using his collateral and borrowing funds. After that, taking advantage of the re-entry vulnerability in Ola’s smart contracts, the hacker was able to remove the collateral without repaying the loan they received. The hacker then repeated the same process in other Ola Finance pools, making a total of $3.6 million.
After dumping the funds, the hacker transferred them from Fuse to other blockchains (BNB Chain and Ethereum) via Fuse’s own cross-chain bridge. The hacker reportedly held $3 million in total in Ethereum and another $637,000 in BNB Chain.
Ola Finance said it is still investigating the incident and will issue a report soon. Ola’s decentralized loan product on Fuse Network has been paused to control damage. The project noted that credit services on other blockchains were not affected by the incident.