QuickSwap, a Polygon-based decentralized finance platform, suspended its lending services on Monday, October 25th, after suffering a flash loan attack that drained $220,000 from the protocol.
The decentralized exchange assured users that its Market XYZ lending platform was the only one exploited, and that user funds remain secure.
The manipulator was able to exploit the protocol using flash loans—an experimental financial tool that allows users to borrow without first providing collateral. In order for the loan to be valid, it needs to be borrowed and repaid within the same transaction.
The attacker used flash loans to manipulate the QuickSwap token’s market price, and then used their inflated value as collateral to take out loans, completely draining QuickSwap’s liquidity pool.
The exploiter then swapped the stolen tokens and moved the funds through Tornado Cash–an Ethereum-based privacy mixer that was recently sanctioned by the U.S. government.
The attack on QuickSwap is similar to the events that took place on Mango Markets and Moola Market. In the case of Mango, the attacker, now revealed to be Avraham Eisenberg, used an almost identical strategy to steal $114 million from Mango Markets, a Solana-based decentralized platform. Though he later returned almost $70 million to the protocol, he was able to keep $47 million as a bounty reward through some cold negotiation tactics.
Celo-based Moola Market lost $10 million after an attacker manipulated the price of its native MOO token in order to borrow large amounts of tokens against the inflated MOO collateral, completely draining the protocol of its funds. The attacker later returned more than 93% of the stolen funds.
October has been the worst month of hacks in crypto history, and more than $800 million has already been drained from various protocols and tools across the sector.
On the Flipside
- The losses incurred are minor when compared with Mango Markets and Moola Market. Additionally, user’s funds remained secure.
- The thief may yet return some of the funds.
Why You Should Care
The attack on QuickSwap is only one out of a dozen that have occured this month. Users should keep an eye on the exchanges and protocols they use to stay safe and avoid becoming a potential victim to such security incidents.
You Might Also Like: