Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
On Thursday, a hacker ran off with $16 million from decentralized finance (DeFi) project Indexed Financeâbut now the protocolâs team says they know who the attacker is.Â
Indexed Finance is a DeFi project built on Ethereum. It produces tokens that track market indexes. A hacker took the assets that were backing the value of the index tokens by finding a vulnerability in the protocolâs smart contracts.Â
The attack was typical of DeFi exploits: the hacker took advantage of the flash loan mechanism by overloading the protocol with new assets. This lowered the price of the Indexed tokens, which then allowed the attacker to mint new ones and cash them out.
Now, two out of six assets in the protocol, DEFI5 and CC10 (both index tokens that track large DeFi projects), have lost most of their value.Â
DEF15 dropped by 85% an hour after the hackâfrom $88.73 to $3.67, according to CoinGecko data. CC10 lost 98% of its value; before the hack it was trading for $62.50 but afterward it dropped to $0.74.
Three other index tokens, DEGEN, NFTP and ORCL5, are safe, Laurence Day, a 32-year-old contributor and member of the Indexed DAO told Decrypt. The sixth asset, FFF, a meta index that contains DEFI5 and CC10, was badly damaged and will need to end in its current form. He added that a compensation plan will be put together.Â
The projectâs members identified the hacker on Friday because he didn't cover his tracks off-chain well enough, Day said. They then gave him an ultimatum: return the funds by midnight on Saturday or else they would contact law enforcement.Â
The 10% offer has expired. The attacker has until EOD to return 100% of the stolen funds or his information will be published and law enforcement notified.https://t.co/am2XnwL5fD
â Indexed Finance (@ndxfi) October 16, 2021
But members of the DAO have since put the breaks on the conditions, they said via Twitter, because they found out the hacker was âsignificantly younger than we thought.âÂ
Day told Decrypt that the project was in a âdesperately tense situationâ and was still figuring out what to do next. He would not tell Decrypt if they were negotiating with the hacker.Â
But he said that several people on the protocolâs team had verified who the hacker wasâand it was now up to him to return the funds. âThis is a choice which is now in the hands of the attacker,â he wrote.Â
The ultimatum has not been met.
In the minutes before the deadline elapsed, @ZetaZeroes made changes to his accounts that have made us realise at the last minute that the attacker is significantly younger than we thought.
â Indexed Finance (@ndxfi) October 17, 2021
Day did not add whether they would contact law enforcement today.Â
DeFi, or decentralized finance, is a catch-all term for projects that want to automate traditional financial tools, like banks. They aim to provide loans, interest, and asset swaps without banks or other intermediaries via smart contractsâbits of code that carry out instructions. Most are built on Ethereum, the blockchain that houses the second-biggest cryptocurrency by market cap.Â
But DeFi is an experimental industryâthe protocols are very newâand it is prone to hacks. Indexed is not the first to suffer such a big exploit. The list of DeFi hacks this year is long but last month alone pNetwork lost $12.5 million and an NFT project called Vee Finance suffered a $35 million exploit.Â
And in August, a hacker ran off with $25 million from lending and borrowing platform Cream Finance.Â
DeFi Has Lost $474 Million to Hacks and Fraud in 2021: Report
Many projects have been able to recuperate some of the stolen funds. But the huge hacks happening each month are a reminder that the space is new, experimental and risky.Â
Laurence added that the DeFi space needs auditors to prevent hacks and added that âthe talent pool in the space is desperately thin.â
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.