DeFi Lending Protocol Ola Finance suffers $4.67M hack
Guys, things are a somewhat somber over at Ola Finance today. According to reports that's been circulating online this morning, hackers made off with $4.76 million yesterday after executing a re-entry assault on the decentralized lending protocol. This is no April Fool's joke, let's get into it.
About Ola Finance
According to its website, Ola Finance is "a Lending-as-a-Service platform that allows anyone to create their own branding lending network." Unlike other DeFi lending programs such as Compound and Aave, Ola Finance's stated goal has been to create an inclusive lending protocol within DeFi where "assets can be listed without needing to pass cumbersome and expensive governance schemes or comply with numerous requirements (deep liquidity, high trading volumes, low volatility, etc.)."
About DeFi Lending
Decentralized finance or (DeFi) is, as the name implies, an ecosystem of open-source, permissionless financial services and applications using blockchain technology and operating with self executing smart contracts which don't require a third party intermediary or middleman.
With DeFi lending, users lend their crypto coins and interest while others can borrow funds directly. Compared to traditional lending, the DeFi process is completely transparent and straightforward. There is no preferential treatment, the environment is censorship free, and smart contracts are immutable. DeFi lending has therefore been very popular among to crypto investors.
Thursday's Attack on Ola Finance
According to reports, the hackers exploited a re-entrance vulnerability to make off with 216,964 USDC, 507,216 BUSD, 200,000.00 fUSD, 550.45 WETH, 26.25 WBTC, and 1.24 million FUSE, valued at approximately $4.67M.
In a series of tweets, blockchain security firm and data analytics vendor, PeckShield has since explained in detail how the hack was executed, pointing to an "incompatibility between Compound fork and ERC677/ERC777-based tokens, which have the built-in callback functions misused to allow for reentrancy to drain the lending pool".
Ola Finance also shared details of the attack and published the hackers' addresses in a blog on Medium:
Attacker addresses on Fuse chain:
Contract1: 0x632942c9BeF1a1127353E1b99e817651e2390CFF
Contract2: 0x9E5b7da68e2aE8aB1835428E6E0c83a7153f6112
Attacker addresses on Ethereum:
Attacker addresses on BNB chain:
Ola Finance Team Outlines Next Steps
In addition to taking responsibility and outlining next steps, the Ola Finance team stated: "In the coming days, we will release a formalized compensation plan detailing the distribution of funds to affected users."
I think it's refreshing to see the team take accountability and also outline steps to reimburse affected users. This has been a key concern for many crypto investors who have cried foul in recent months as impacted exchanges or platforms failed to provide proper guidance on the next steps and when or if they would be compensated in a timely manner. When answers to these questions are left up in the air, it's not a good look and it can heighten mistrust for the industry in general. And so, I do think it's a good step that Ola Finance has taken in its crisis response.
Other heists in the past year
Moving away from Ola Finance in particular though, guys, it is concerning, to put it mildly, that there appears to be an increased number of crypto heists executed by bad actors recently, and the volume of funds that is being pilfered is very alarming.
Earlier this week, the cryptosphere was abuzz with news of a hacker draining more than $600M worth of cryptocurrency from Axie Infinity's Ronin sidechain and transferring the funds to themselves days before the company noticed the funds were missing.
Now to the dev team at Ronin, I have thoughts on this one. To me, and this is just me, it is absolutely unacceptable for this volume of funds to be leaking from your coffers unnoticed for days. I was rooting for you guys! I actually wanted to get some Axies and get in on the game before this. But reading about the heist and then learning that, according to a BBC report, the "Ronin Network has not yet told customers what's happening with their funds or when they will get their money back"... yeah, that last bit is a bit of a deterrent.
Other recent hacks include:
The $320 million attack on blockchain bridge Wormhole in February,
A $200 million theft from Bitmart in December,
A $600 million heist on cryptocurrency platform, Poly Network in August 2021.
These are, of course, by no means all the attacks that have occurred over the past year. Whose behind them? Well, there's been conspiracy theories about that as well, all right? Some people suggest just regular bad actors. Some people think might be governments behind them? Who knows, right? One thing is for certain though: Incidents like these reemphasize the critical need for vigilance.
Well my friends, I'm curious, have you ever been affected by a hack? Have you ever had your funds stolen? If yes, how did you deal with it? What are thoughts about these attacks on DeFi platforms? Do you think they could serve to cripple this sector of the industry? I'd hope not. I agree that there are serious concerns that must be addressed, however, I think ultimately, DeFi has really really revolutionized our transactions and I do hope that it can continue to grow past this.
Well, guys, I'm off again. Until we meet next time, please remember to be safe. Arrivederci!
This article was first posted to my Publish0x account where I write under the pseudonym, I-HODL.
Resources
la idea de que estas plataformas son seguras, esta quedando en el pasado y puede ser algo grave si las personas van a sentir miedo de tener sus inversiones en cripto, después de ver tantas plataformas supuesta mente segura perdiendo tantos millones en activos.