Polygon’s QuickSwap Suspends Lending Protocol After $220,000 Flash Loan Attack

polygon quickswap flash loan attack dragon coin exploit train tracks

QuickSwap, a Polygon-based decentralized finance platform, suspended its lending services on Monday, October 25th, after suffering a flash loan attack that drained $220,000 from the protocol.

The decentralized exchange assured users that its Market XYZ lending platform was the only one exploited, and that user funds remain secure.

The manipulator was able to exploit the protocol using flash loans—an experimental financial tool that allows users to borrow without first providing collateral. In order for the loan to be valid, it needs to be borrowed and repaid within the same transaction.

The attacker used flash loans to manipulate the QuickSwap token’s market price, and then used their inflated value as collateral to take out loans, completely draining QuickSwap’s liquidity pool. 

The exploiter then swapped the stolen tokens and moved the funds through Tornado Cash–an Ethereum-based privacy mixer that was recently sanctioned by the U.S. government.

The attack on QuickSwap is similar to the events that took place on Mango Markets and Moola Market. In the case of Mango, the attacker, now revealed to be Avraham Eisenberg, used an almost identical strategy to steal $114 million from Mango Markets, a Solana-based decentralized platform. Though he later returned almost $70 million to the protocol, he was able to keep $47 million as a bounty reward through some cold negotiation tactics.

Celo-based Moola Market lost $10 million after an attacker manipulated the price of its native MOO token in order to borrow large amounts of tokens against the inflated MOO collateral, completely draining the protocol of its funds. The attacker later returned more than 93% of the stolen funds.

October has been the worst month of hacks in crypto history, and more than $800 million has already been drained from various protocols and tools across the sector.

On the Flipside

  • The losses incurred are minor when compared with Mango Markets and Moola Market. Additionally, user’s funds remained secure.
  • The thief may yet return some of the funds.

Why You Should Care

The attack on QuickSwap is only one out of a dozen that have occured this month. Users should keep an eye on the exchanges and protocols they use to stay safe and avoid becoming a potential victim to such security incidents.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed to be financial legal or tax advice. Trading Forex, cryptocurrencies, and CFDs poses a considerable risk of loss

Author

Rue Abernai is a blockchain content writer focused on Web 3.0 domains, DeFi, and Ethereum Layer-2s. Rue believes blockchain technology has the potential to transform how we see and interact with society, economy, and culture. Rue spends his spare time hiking, playing with his dog, and reading. He has been active in blockchain and cryptocurrencies since 2020.