Crypto lending service Akropolis hacked, $2 million stolen
By Bob Garcia
This is the second time cryptocurrency lending services have suffered issues in the past two weeks
Just over a week ago, cryptocurrency lending platform Cred announced that it had filed for bankruptcy. The company discovered that some craft money-management activity may have been going on without anyone noticing, and it no longer had the money to cover users’ funds. Now, another crypto lending platform, Akropolis, is in trouble after it lost over $2 million to hackers.
Akropolis is trying to put all the pieces together and determine if there is anything to salvage after hackers broke in through a “flash loan attack” last week. The scheme is launched after the fraudster gets onto the system, allegedly to loan crypto. However, they use the access to alter code or exploit weaknesses to bypass the loan process in order to steal funds. Akropolis has already covered a lot of ground in its investigation, asserting that it knows how the attack took place and the wallet address of the hackers.
It isn’t clear what Akropolis plans on doing now, but it has a good starting point to resolve the problem. It explained on its website, “We noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the Curve Y and Curve sUSD pools… The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.” It added that the bugs were related to deposit flows and were tied to how deposited tokens are meant to be verified.