Ola Finance is the newest victim of a never-ending spree of crypto hacks, which resulted in a loss of $4 million.
Ola finance is a platform for the creation of custom DeFi modules. Hackers exploited its fuse-based mechanism of Voltage Finance protocol to carry out the hack.
How did the hackers drain the funds from Ola Finance?
PeckShield, a blockchain security, and data analytics company, put out a detailed tweet about how the hack was carried out.
“The hack is made possible due to the incompatibility between Compound fork and ERC677/ERC777-based tokens, which have the built-in callback functions misused to allow for reentrancy to drain the lending pool.”
Voltage Finance confirmed the hack of Ola Finance on Twitter:
We became aware of a breach on the @voltfinance lending platform around 3 hours ago leading to the theft of $4M in $USDC, $FUSD, $BUSD, $WBTC, $WETH & $FUSE. We are collaborating with our Lending-as-a-Service partner, @ola_finance, for preliminary investigation
Tweet by Voltage Finance
Reentrancy bug, a common issue, enabled the hackers to carry repeated calls to drain the assets.
Ola Finance said that it’s still investigating the exploit. They have paused all other lending products on Fuse Network to mitigate further damage. They also assured to release a detailed report soon.
Never-ending crypto exploits
Hackers seem to be on a splurge without halt as they loot one after another. Ronin suffered one of the largest hacks ever in DeFi history as it lost over $600 million in Ethereum and USDC.
The worrying part of the Ronin hack was that it went undetected for almost a week. The team became aware of the situation only after a user communicated his inability to withdraw 5,000 ether.
The skyrocketing number of hacks makes users worry about the safety of their funds. With the global adoption of crypto slowly rising, hackers are doing their best to exploit and loot.