Yet another Defi platform got hacked again

[24Kt]

I'm not sure if I'm going to believe this or not. It probably because everything can be manipulated, it might possible that they just want to trick investors of being hacked but the truth is that their project has nothing to show good.

Well, I'm not good with DeFi and since from their launching, I have no interest to invest them knowing that many of them (almost all) are just shit projects. I can't really imagine how they create such hypes? However, the quickest they rise up, the fastest also they dump and even becoming dead.

Yes, possibly, inside job. Wondering how a flash loan can surpass the strict requirements of defi platform? Unless, they know where to hit the vulnerabilities of their system. And to know where to attack, of course, somebody inside have the knowledge about that. Really a lesson for those potential defi investors, not to trust fully the platform they are using.

[Princeofpoetry]

why does this happen so often? Is it because the blockchain security system is already vulnerable and weak? or because hackers are smart at exploiting blockchain bugs?

[NewRanger]

why does this happen so often? Is it because the blockchain security system is already vulnerable and weak? or because hackers are smart at exploiting blockchain bugs?

no its not, its system not builded with high layer security system  and  their system analyst didnt work correctly to make penetration test that common do in outside crypto market. sometimes we need to involve white hacker to test system and report this bug to developers team. i think its rare crypto project this way to make sure system was very secure.

[Kelvinid]

This is another story and probably another lie to tell from inside. This kind of excuses isn't new to us and ain't that wonder how this new project had come to a lot of reason for their failure and brought into a scenario which not all of us tend to believe. This could also be a reason why investors have to skip new projects but rather to focus on old projects. The risk that these new projects had brought to us worries a lot of people and this also a reason that most of them have failed.

[Shef198911]

well, if it was only one company, and there are already several of them, those who were hacked, there are two options, or this system is really vulnerable and not reliable, or the second option is that all these hacks are just a cover for withdrawing funds, or planned perhaps by the team itself

[Francis Freeman]

So lately there's one of DeFi platforms (Akropolis) that has admitted they got hacked (over 2 million in DAI) through a flash loan attack recently.

“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools,” the project reported in a statement released the evening of November 12.

[...]

The attacks seemingly come as a surprise for Akropolis, which said the pools had undergone two independent audits. “However, the attack vectors used in the exploit were not identified in either audit,” it said “The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.”

Read the full article -> https://decrypt.co/48081/defi-platform-akropolis-admits-to-being-hacked-for-2-million

Previously there are several DeFi got the flash loan attack as well such as Harvest finance and bZx.
What's your thought about it? Does DeFi are too vulnerable to be attacked?

Wow. Its really weird that projects are not realizing how dangerous flash loans are after what happened to harvest Finance which got attached similar way . Scares people away from yield farming.

[zaim7413]

why does this happen so often? Is it because the blockchain security system is already vulnerable and weak? or because hackers are smart at exploiting blockchain bugs?

If we examine the possibilities, it is clearer that hackers who are smarter can do this on the Blockchain system, because everyone also knows that the Blockchain system is really strong in terms of security, so if hackers are not smart, they are already definitely won't be able to break into it.

[Yudhisthir]

To jump into the DEFI  hype a lot of new and old project jumped into the market without proper preparations and troubleshooting the codes. For anything as important as DEFI codes and smart contract, they should have gone with an extensive penetration testing and find out any bugs before they gets exploited. But the project as well as the auditors are in such a hurry to get cash, they compromise with the security and ultimately the trust.

[globalpain]

why does this happen so often? Is it because the blockchain security system is already vulnerable and weak? or because hackers are smart at exploiting blockchain bugs?

If we examine the possibilities, it is clearer that hackers who are smarter can do this on the Blockchain system, because everyone also knows that the Blockchain system is really strong in terms of security, so if hackers are not smart, they are already definitely won't be able to break into it.

they don't break into the other blockchain system, the blockchain system can't be broken easily,
have you ever heard the news of a hacker breaking into the blockchain system? of course not,
hackers just get their users caught in their traps.

[doomloop]

The reason why people were so quick to jump (specially project owners) was the fact that they didn't want to miss out on the bandwagon. If they could create something, ANYTHING and get involved with this hype, they could not only have their own token made or their own company made but also they would have enough money to fund it for a decade with how much funding these projects were getting which means they would be set for life if they invest carefully.

However that meant acting very quickly and when you act that quickly you end up with not providing 100% ready product and that ends up with bad results like this. I feel like if you have a decent and good project, it should take at least 6 months to a year in order to be 100% ready for public release.

[ven7net]

When I hear about another hack of a particular crypto exchange, even in DeFi, it becomes suspicious for me. I had little experience when I became a victim of a hack, but it happened through my action and not being careful. But okay me, but how can platforms that hold other people's assets be so insecure about security? As for me, two conclusions can be drawn here, either they deceive us and they have no protection, or they do it all themselves. It is not uncommon for me to arrange for a hack to launder funds. No matter how it was, the security system is still far from perfect and is subject to risk.

[Ozero]

Another hacking of a platform or exchange should be taken as a routine.  Hackers are attracted and will attract a lot of money that can be stolen and the relative anonymity of the cryptocurrency at the same time.  Many hackers are also attracted by excitement and sports interest.  In addition, this activity is still very weakly regulated by states, and crimes related to cryptocurrency are especially difficult for law enforcement agencies, since crimes are always international, and criminals have the opportunity to migrate to different countries.  Therefore, the number of such cases will only grow.

[nelson4lov]

This is similar to the hack attacks we had back in the days against ICO platforms. I knew this would be the case since DeFi became really popular for most parts of the year, it was only a matter of time before platforms would start getting attacked for the funds that are usually in their vaults for yield farming and other activities.

Just today, there was another attack (yes, a DeFi project as well):

A hacker drains $3.3 million of USDC/USDT/DAI from Cheese Bank.

https://twitter.com/CheeseBank2020/status/1328343819201380353
https://medium.com/@peckshield/cheese-bank-incident-root-cause-analysis-d076bf87a1e7

From the look of things, it looks like the typical flash loan attack that other DeFi has suffered in the past. These attacks are wake up calks to DeFi protocols to step up security if they want to win against traditional financial services.