Earning.farm Yield Platform Under Attack: Details – U.Today





Earning.farm, a user-friendly yield machine for Ethereum (ETH), Wrapped Bitcoin (WBTC) and USD Coin (USDC) holders, is exploited by malefactors.
As per a statement shared by California-based Web3 security vendor Supremacy Inc., earning.farm DeFi suffered two attacks yesterday, Oct. 15, 2022.
1/ Hi, @EarningFarm, your EFLeverVault contract was hit by a Flashloan attack that resulted in a cumulative profit of 480 Ether from the MEV Bot and 268 Ether from the hackers. here is a brief vulnerability analysis of the attack.https://t.co/Faw9FyWae1 pic.twitter.com/jhXuqbq1dJ
EFLeverVault, a key element of earning.farm DeFi’s design, was targeted by flash loan attacks. Due to an architecture flaw of its contract, attackers managed to withdraw all Ethers (ETH) stored in the contract that was designed to act as collateral.
As explained by a seasoned blockchain security researcher Daniel Von Fange, a contract of EFLeverVault filed to verify the initiator of the large withdrawal:
The 750 ETH hack from EFLeverVault a few hours ago happened because the contract did not verify that flashloan callbacks were actually initiated by the protocol, allowing the attacker to tell the protocol to withdraw large amounts of funds
As a result, a total of 750 Ethers was siphoned from the protocol: 480 Ethers ended up in an MEV bot, while 268 Ethers were withdrawn by hackers.
As Ethereum (ETH), the second largest cryptocurrency, was changing hands at $1,300 yesterday on major spot trading platforms, net losses might exceed $950,000.
October 2022 will be remembered as a month of unmatched attacks against the mainstream DeFi infrastructure. On Oct. 7, 2022, a bridge between two elements of BNB Chain was exploited for $566 million.

Related
BSC Hack: Here’s Main Factor Why BNB Price Remains Almost Unaffected, Per CZ

On Oct. 12, Solana-based liquidity protocol Mango was drained of $100 million as a malefactor managed to manipulate the price oracles.
Later, the Mango community agreed to pay the largest bug bounty to the hacker: they receive $47 million and return the rest of the funds affected.

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.
Worked in independent analysis as well as in start-ups (Swap.online, Monoreto, Attic Lab etc.)
Disclaimer: Any financial and market information given on U.Today is written for informational purpose only. Conduct your own research by contacting financial experts before making any investment decisions.

source



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.