The crypto sector has been riddled with hacks and exploits since the beginning of this year, impacting investors with financial damage and loss of trust. Now, QuickSwap, a decentralised finance (DeFi) platform, has suffered a flash-loan exploit attack. This drained over $220,000 (roughly Rs. 2 crore) from the accounts of the Polygon-based platform. As a result, QuickSwap has decided to draw curtains on its crypto lending services. The attackers have gotten away with MATIC, Lido’s LDO, and staked MATIC cryptocurrencies.
Flash loans that do not require a borrower to post collateral as long as the loan is paid back in the same transaction. In this exploit, attackers borrowed funds from QuickSwap using a flash loan.
As per recorded data, this manipulated the prices of some tokens. Later, the attackers used the inflated values as a collateral to drain all liquidity from the affected QuickSwap pool.
QuickSwap posted an official announcement about shutting down its lending services on Twitter.
:warning:QuickSwap Lend is closing:warning:
:link:$220k was exploited in a flash loans attack due to a vulnerability with the Curve Oracle, which @marketxyz was using
☣ Only the Market XYZ lending market was compromised. QuickSwap’s contracts are unaffected
:sewing_needle::thread::point_down:1/3 pic.twitter.com/oWNz7BAujT
— QuickSwap (@QuickswapDEX) October 24, 2022
As per the platform, no user funds were compromised in this incident.
The stolen tokens have been wired into unknown wallets via the infamous crypto mixer tool Tornado Cash.
In a recent report, Chainalysis claimed that the month of October has been the worst in terms of crypto-related crimes this year. The crypto sector lost over $718 million (roughly Rs. 5,890 crore) owing to these back-to-back crimes.
“This year will likely surpass 2021 as the biggest year for hacking on record. So far, hackers have grossed over $3 billion (roughly Rs. 24,601 crore) across 125 hacks,” the Chainalysis study has claimed.
1/ After four hacks yesterday, October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go. So far this month, $718 million has been stolen from #DeFi protocols across 11 different hacks. pic.twitter.com/emz36f6gpK
— Chainalysis (@chainalysis) October 12, 2022
Crypto criminals are swarming to Twitter to hunt for their potential victims, a cyber security researcher popular by the name of ‘Serpent’ recent reiterated on Twitter.
From crypto recovery scams to honeypot and fake reward techniques, scammers have stepped-up their game to churn boatloads of money wrapped as digital assets from innocent investors using Twitter as a connecting point.