- WOOFi has lost millions of dollars to an attack.
- The decentralized exchange confirmed the news on Wednesday.
- Efforts to recover the stolen funds are underway.
Cross-chain decentralized exchange WOOFi is counting millions of dollars in losses following an exploit on its Arbitrum lending market, the company said on Wednesday.
On March 5 at about 15:49 UTC, multiple blockchain security firms alerted the crypto community to flash loan attacks targeting WOOFi Swap on Arbitrum. The firms that picked up the development include PeckShield, Hypernative, and Chainalysis.
Sponsored
In response to the news, the WOOFi team paused the manipulated contracts at about 16:02 UTC. It launched an investigation into the matter, culminating in a post-mortem report shared on March 6.
WOOFi Confirms the Attack
Per the report, the hacker launched the attack by manipulating the sPMM algorithm that controls the pricing on Arbitrum-based WOOFi Swaps after borrowing 7.7 million WOO tokens and “some other assets.”
“At this point WOOFi’s sPMM incorrectly adjusted WOO to an extreme price which was close to zero, and the exploiter then swapped out 10M WOO in the same transaction with almost no cost. The exploiter repeated this attack 3 times within a very short period of time, which netted about $8.75m in profits after returning the flash loans,” the statement read.
While other WOOFi contracts were unaffected and are operational, the WOOFi Swap v2 is still paused, with the team hoping to resolve the issue soon and “redeploy within two weeks” while continuing with its plan to release the v3 version later this spring.
In the meantime, the team has initiated efforts to recover the stolen funds, with a 10% whitehat bounty offered to the exploiter.
Stay updated on how much crypto hackers made in February:
Crypto Hackers Bag $104.73M from Over 20 Attacks in February
Read why BitForex is stirring exit scam fears: