Wise Lending, a Web3 lending app and yield aggregator, experienced a significant breach on January 12, resulting in the theft of 170 Ether (ETH), currently valued at $440,000.
This incident has been confirmed by multiple security experts, who suspect that the attacker may have exploited an oracle price using a flash loan.
The attack was recorded on the blockchain at 7:29 pm UTC, with the perpetrator utilizing an unverified contract featuring an address ending in “d82c” to siphon off the funds.
The attacker also moved various tokens into this contract, including $9,000 in USD Coin (USDC), $2,000 in Tether (USDT), $5,000 in Dai (DAI), 18.51 Wrapped Ether (WETH), valued at $47,694, and various tokens linked to Pendle Finance.
As part of the exploit, the attacker borrowed 1,110 Lido Staked Ether (stETH) tokens, which amounted to $2.9 million, from the Aave lending protocol.
Flash loans, commonly employed by exploiters, are used to manipulate oracle prices, enabling such attacks.
A pseudonymous blockchain security researcher known as Spreek first alerted the crypto community to the Wise Lending attack, posting on X (formerly Twitter), stating, “Looks like Wise Lending exploited for ~170 ETH.”
READ MORE: DeRec Alliance Unveils Ambitious Plan for Decentralized Digital Asset Recovery System
Spreek also speculated in a follow-up post that the vulnerability might be connected to a new Pendle Finance derivative token.
Another security researcher, Officer’s Notes, commented on the situation, remarking, “Another day, another exploit.”
Officer’s Notes suggested that the vulnerability may have been triggered by a 7% price swing between stETH and ETH within a particular pool, possibly due to an AAVE v2 stETH flash loan.
Although 2024 has just begun, the decentralized finance (DeFi) sector has already suffered losses of at least $5 million due to various exploits.
On January 3, Radiant Capital incurred losses exceeding $4.5 million, followed by liquidity manager Gamma Protocol losing over $400,000 to an exploit the next day.
In the previous year, 2023, the crypto industry witnessed losses totaling over $1.8 billion as a result of hacks, scams, and exploits, as reported by blockchain security platform Certik.
These incidents underscore the ongoing challenges and security concerns within the crypto space.