Moonwell DeFi Exploited in $320K Flash Loan Attack
The post Moonwell DeFi Exploited in $320K Flash Loan Attack appeared on BitcoinEthereumNews.com.
Flash loan exploit drains $320K from Moonwell DeFi’s USDC lending contract. Attacker swaps stolen USDC for DAI; funds are now in their wallet. Malicious contracts and TornadoCash were used to execute the attack. Moonwell DeFi, a decentralized lending protocol operating on the Optimism network, suffered a flash loan exploit, resulting in a loss of $320,000. The perpetrator targeted the protocol’s USDC lending contract, using a malicious contract address disguised as a “mToken.” This act granted unauthorized token approvals, allowing the attacker to drain funds from Moonwell users. The DeFi platform’s security systems soon alerted users and flagged areas of illegal breaches, including suspicious funding sources and malicious contract activity. On-chain sleuths also found out that the attacker’s wallet was pre-funded via Tornado Cash on the Ethereum network and strategically swapped the stolen USDC for DAI. Currently, the stolen assets are in the attacker’s wallet, making recovery challenging. What’s the Impact on Moonwell Users and DeFi? Flash loan exploits are a rising threat in the decentralized finance (DeFi) ecosystem. In this case, the attacker exploited Moonwell’s smart contract vulnerabilities, showing the ongoing risks protocols face despite stringent audits and preventive measures. The exploit demonstrates the urgent need for DeFi platforms to continuously monitor, patch, and enhance their security infrastructure. All in all, the DeFi space accounts for the largest share of stolen assets in the first quarter of 2024. Following closely behind are centralized services that were the most targeted in Q2 and Q3. Some of the most infamous centralized service hacks include DMM Bitcoin (May 2024, $305 million) and WazirX (July 2024, $234.9 million). Read also: DMM Bitcoin Calls It Quits Post $320M Hack, 450K Users Affected At press time, the Moonwell team has not released an official statement about the incident or potential user reimbursements. This attack adds to…
Filed under: News - @ December 24, 2024 11:18 am