Hackers were reportedly able to exploit savings pools at the Gibraltar-based decentralized funding protocol Acropolis, getting away with more than $ 2 million in stablecoins.
The firm stated on Twitter on April 12 that it had identified a hack “performed on some smart contracts in the savings pools”. Akropolis said the areas targeted by the hackers had already been checked twice, and only including “Curve Y and Curve sUSD savings pools.”
Ethereum blockchain records show the hackers got away with more than 2,030,850 Dai (DAI) using these savings pools. They then moved the money to a different address.
Akropolis has since issued a statement on its website citing that “most of the funds” are safe and that it would disrupt all stablecoin pools. The company added that it was “exploring ways” to compensate affected users.
Akropolis founder and CEO Ana Andrianova disputed claims the attack was carried out in a similar fashion to the one on Harvest Finance’s decentralized funding protocol in October. In that case, hackers could operating more than $ 24 million from the pools of the DeFi project and trade it in for renBTC (rBTC). Acropolis stated that the exploit used was “a combination of a re-entry attack with the emergence of dYdX flash loan.”
CertiK, the security company that audited Acropolis’ smart contracts, seemingly missed the two attack vectors the hackers used in this case. The company also reportedly conducted audits on the lending protocol bZx, which has been attacked three times this year.
Data from crypto analytics firm CipherTrace reported Tuesday suggests this while hacks on decentralized financial protocols were “virtually negligible” in 2019, now accounting for 20% of crypto losses from thefts and hacks.
“DeFi’s surge was what ultimately attracted criminal hackers, resulting in the most hacks for the industry this year,” stated the report.