-0.5 C
Wednesday, December 1, 2021

Another Day, Another DeFi Hack: Indexed Finance ‘Incident’ Costs Users $16 Million

The decentralised finance (DeFi) platform Indexed Finance has suffered its first hack, bleeding two of its pools of an estimated US$16 million.

The platform announced on October 15 that there was something going on affecting the DEFI5 and CC10 pools.

We’re aware of an incident that has just taken place within the DEFI5 and CC10 pools.

Looking into it.

— Indexed Finance (@ndxfi) October 14, 2021

Rebalancing Mechanism Exploited

After further inspection, it was found that hackers had exploited a weakness in one of the mechanisms used to balance pool token weightings. The attack affected the way index pools are rebalanced, with a more detailed description supplied in a post-mortem:

Security firm PeckShield reported that the attacker had stolen 15 ETH, 226.9K UNI, 7.5K AAVE, 6.4K COMP, 845.8K CRV, 516 MKR, 45.4K SNX, 33.2K LINK, 5.2K YFI, 17.8K UMA and 131.6K BAT, totalling around US$16 million. At the moment the $16M is sitting in the attacker’s account (0xba5ed1488be60ba2facc6b66c6d6f0befba22ebe) with security firms keeping an eye out for movement.

According to the bot on Discord, the two pools that are now inaccessible have been left with US$288,000 and US$2 million in TVL, respectively.

Alright I found where this broke.

The pools controlled by the Sigma committee (DEGEN, NFTP, FFF) have been frozen and are not vulnerable to this exploit, but will require a proxy upgrade.

Post-mortem coming soon.

— Dillon Kellar (@d1ll0nk) October 14, 2021

NDX Token Drops 28%

Unsurprisingly, the protocol’s native NDX token has dumped 28 percent from US$3.35 to US$2.34 where it currently trades according to CoinMarketCap. The coin was trading at an all-time high of US$27.71 in February and is down 90 percent since then.

Those who have lost everything live in hope that the situation might resolve the way August’s Poly Network hack played out, with the hacker returning the funds and highlighting a major vulnerability.

As for compensating people who lost funds, this is – so soon after the event – still up in the air […] The core team will be discussing with the community how best to handle this situation.

Indexed Finance statement

They’ll be talking to similarly affected protocols for insights into their own approaches. It is still unclear whether the incident is a tombstone for the DeFi project or whether there will be a way to recover the funds or compensate users and restart.

The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.

BFIA Admin
The big boss.

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles