Wise Lending, a Web3 lending application and yield aggregator, encountered a significant security breach on January 12th, resulting in the unauthorized acquisition of 170 ETH. Security experts have verified this occurrence, suspecting that the assailant potentially leveraged an oracle price through a flash loan.
Damage Control
The blockchain noticed the attack after the wrongdoer reportedly utilized an unauthenticated contract with an address concluding with d82c to divert the funds. The malefactor also transferred various tokens, including $9,000 in USD Coin (USDC), $2,000 in Tether (USDT), $5,000 in DAI, 18.51 Wrapped Ether (WETH) valued at $47,694, and assorted tokens linked to Pendle Finance, to this contract.
As part of the exploit, the perpetrator also borrowed 1,110 Lido Staked Ether (stETH) tokens, equivalent to $2.9 million, through the Aave lending protocol. Exploiters commonly use flash loans to manipulate oracle prices, facilitating such attacks.
A blockchain security researcher known as Spreek, using a pseudonym, initially alerted the crypto community to the Wise Lending attack on X, stating that the vulnerability might be associated with a novel Pendle Finance derivative token.
Hacks Still Ongoing
Another security researcher suggested that the vulnerability might have been triggered by a 7% price swing between stETH and ETH within a specific pool, potentially due to an AAVE v2 stETH flash loan. Despite the commencement of 2024, the decentralized finance sector has already incurred losses exceeding $5 million due to diverse exploits.
On January 3rd, Radiant Capital suffered losses surpassing $4.5 million, followed by liquidity manager Gamma Protocol losing over $400,000 to an exploit the following day. In the preceding year, 2023, the crypto industry witnessed losses totaling over $1.8 billion due to hacks, scams, and exploits, as reported by blockchain security platform Certik. These incidents underscore the persistent challenges and security considerations within the crypto space.