16 November 2020

Hackers drained $2M worth of DAI from cryptocurrency service Akropolis


Cryptocurrency borrowing and lending service Akropolis has suffered a security incident that resulted in the theft of roughly $2 million worth of Dai cryptocurrency.

According to the company’s press release, the attack took place on November 12, 2020. In response to the intrusion, Akropolis immediately halted all operations to prevent further losses. The investigation into the incident revealed that the platform was hit with a “flash loan” attack, an attack where malicious actors borrow funds from a DeFi platform but then use vulnerabilities in the platform code to circumvent the loan mechanism and steal the funds.

Akropolis said that the hack was executed across a body of smart contracts in its “savings pools”.

“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the Ycurve and sUSD pools […] These pools had been audited by two independent firms, however, the attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination,” the company explained.

Akropolis said it has already identified the attacker’s Ethereum wallet, where stolen funds are currently stored. Akropolis said it notified cryptocurrency exchanges about the attack and is now reviewing the code and security procedures.

