DeFi attack on Avalanche fetches perpetrator $370k worth profits

Lavina Daryanani
Source: Money Times

The Avalanche network was used to execute a flash loan attack during the late hours of Tuesday. In the attack, a particular smart contract and several liquidity providers were targeted. Per blockchain cybersecurity firm CertiK, the attacker earned profits worth $370k.

A flash loan attack is an abuse of the smart contract security of a particular platform in which an attacker usually borrows a lot of funds that don’t require collateral. They then use arbitrage trading to make gains.

To do so, they manipulate the price of a crypto asset on one exchange and almost instantly resell it on another one. The process is usually spot-on and prompt, and attackers usually repeat the process multiple times before wrapping up.

In the latest breach on Avalanche, three possible protocols were victimized per CertiK. The same included staking platform Nereus Finance, DEX platform Trader Joe, and AMM Curve Finance.

Notably, the attack was executed around 7:26 pm UTC on Tuesday and was noted by CertiK’s on-chain security software Skynet.

Flash loan hack trend

Flash loans have been involved in a host of crypto heists in the recent past. Back in April, for instance, Ethereum-based protocol Beanstalk was hacked for over $180 million. The attacker(s) had reportedly taken a flash loan on the lending platform Aave which enabled them to hoard a large amount of Beanstalk’s native governance token, Stalk. With the voting power granted by these Stalk tokens, the attacker(s) were able to quickly pass a malicious governance proposal that drained all protocol funds into a private Ethereum wallet.

Read More: Why there’s more to the Ethereum-based protocol’s $180 million hack

However, as illustrated below, the funds stolen without using flash loans [purple] noted a rise in August, bringing to light that the route chosen by the Avalanche/Beanstalk hackers is not necessarily the go-to option for DeFi perpetrators.

Source: The Block

Avalanche’s DeFi performance

On the DeFi front, Avalanche has not been faring that well. The total value of assets locked on its platform, for instance, has been on the decline over the past few months and stood at merely $1.7 billion at press time, after noting a 4.1% daily decline.

Source: DeFiLlama

Furthermore, even on the revenue front, other protocols like Solana have been able to post better numbers. Aurum Crypto’s Web3 analyst recently took Twitter to highlight the said trend. Over the past three months, Solana had generated roughly $50k in daily fees. Avalanche’s number, on the other hand, hovered in the $25-$30k bracket.

Having said that, it should also be noted that Solana pays more for security. In other words, the imbalance between the cost and revenue of both protocols is quite large. Chalking out the same, the analyst tweeted,

$SOL : security cost is ∼56x revenue (1y)
$AVAX : security cost is ∼35x revenue (1y)