Wise Lending, a Web3 lending app and yield aggregator, experienced a significant breach on January 12, resulting in the theft of 170 Ether (ETH), currently valued at $440,000.
This incident has been confirmed by multiple security experts, who suspect that the attacker may have exploited an oracle price using a flash loan.
The attack was recorded on the blockchain at 7:29 pm UTC, with the perpetrator utilizing an unverified contract featuring an address ending in “d82c” to siphon off the funds.
The attacker also moved various tokens into this contract, including $9,000 in USD Coin (USDC), $2,000 in Tether (USDT), $5,000 in Dai (DAI), 18.51 Wrapped Ether (WETH), valued at $47,694, and various tokens linked to Pendle Finance.
As part of the exploit, the attacker borrowed 1,110 Lido Staked Ether (stETH) tokens, which amounted to $2.9 million, from the Aave lending protocol.
Flash loans, commonly employed by exploiters, are used to manipulate oracle prices, enabling such attacks.
A pseudonymous blockchain security researcher known as Spreek first alerted the crypto community to the Wise Lending attack, posting on X (formerly Twitter), stating, “Looks like Wise Lending exploited for ~170 ETH.”
READ MORE: DeRec Alliance Unveils Ambitious Plan for Decentralized Digital Asset Recovery System
Spreek also speculated in a follow-up post that the vulnerability might be connected to a new Pendle Finance derivative token.
Another security researcher, Officer’s Notes, commented on the situation, remarking, “Another day, another exploit.”
Officer’s Notes suggested that the vulnerability may have been triggered by a 7% price swing between stETH and ETH within a particular pool, possibly due to an AAVE v2 stETH flash loan.
Although 2024 has just begun, the decentralized finance (DeFi) sector has already suffered losses of at least $5 million due to various exploits.
On January 3, Radiant Capital incurred losses exceeding $4.5 million, followed by liquidity manager Gamma Protocol losing over $400,000 to an exploit the next day.
In the previous year, 2023, the crypto industry witnessed losses totaling over $1.8 billion as a result of hacks, scams, and exploits, as reported by blockchain security platform Certik.
These incidents underscore the ongoing challenges and security concerns within the crypto space.
Discover the Crypto Intelligence Blockchain Council