DeFi protocols seem to always be the victims of flash loan attacks. In the latest episode, DeFi lending protocol Warp Finance has been drained of a huge amount of money. DeFi Prime, a DeFi media outlet revealed that about $8 million was lost yesterday during the hack in a tweet.
⚠️ Flash loan attack on a Warp protocol ⚠️
About $8m stolen 🤦♂️
This TX ⤵️https://t.co/CMEPxk4838
— defiprime (@defiprime) December 17, 2020
How the Flash Loan Attack was Carried out?
The attack, which was carried out by an anonymous hacker, used a flash loan to exploit the protocol. A group of flash loans was used to cart away $8 million in DAI and USDC stablecoins. At the time of writing, the Warp Protocol did not give any details about the attack. However, they assured users that they were actively investigating the matter. The DeFi protocol also advises users not to make deposits in stablecoins until the coast was clear.
While investigations are going on, Emiliano Bonassi gave some details about what happened during the attack. Bonassi is the co-founder of Marqet exchange, a DeFi trading platform. He says the hacker requested three wrapped ether (WETH) loans via flash swaps. Bonassi goes on to explain that funds were used to mint tokens of WETH against DAI in the liquidity pool. The tokens now function as collateral for the attacker to clear out the stablecoin vaults.
Are Flash Loans bad?
For those who are not familiar with flash loans, it is not a complicated process. These are simply loans that are borrowed and paid almost immediately, hence the name ‘flash.’ The loans have to be returned almost immediately, and do not need any collateral. This was how the attacker was able to compromise Warp Finance, which is just over a week old.
While this could be great for traders and people who need money instantly, it also has its downsides. Hackers and other evil-minded people exploit the very system that these loans work on. Flash loans have been used in massive attacks on DeFi platforms this year alone. Harvest Finance, Value DeFi, Origin Protocol, and Akropolis have all lost about $39 million cumulatively to flash loan attacks.