- Hackers steal over $1 million from Decentralized Exchange (DEX) protocol NowSwap.
- Attacks on DeFi platforms has increased in the recent months.
- NowSwap announced they have launched an investigation regarding the hack on the protocol.
YEREVAN (CoinChapter.com) — Decentralized Exchange Protocol (DEX) NowSwap became a victim of a cyber attack on Wednesday.
WETH is a wrapped form of Ethereum which allows ETH to be swap with other ERC-20 Tokens in a decentralized exchange (DEX).
BlockSec also informed that the Decentralized Applications (dApps) platform Nimbus also suffered a similar attack.
Siphoning the millions of NowSwap
NowSwap is a decentralized exchange where users can swap virtually any asset peer-to-peer through the Ethereum smart contract infrastructure.
To successfully steal over 1 Million from the network, the hackers converted USDT to ETH through the decentralized exchange aggregator 1inch. After the conversion, they camouflaged it on the transaction-privacy platform Tornado Cash.
To pull off a flash loan attack, the hackers used an invalid ‘K’ value check in the pair contract of NowSwap to attack the protocol.
After every transaction, the hacker used the loophole to get a partial return on the loan amount and repeated the process until the total funds in the attacked pool got over.
NowSwap launches an investigation
After being notified of the hack by DeFi security experts, NowSwap announced today that they had launched an investigation.
“We are investigating the hack on our protocol,”NowSwap tweeted.
Of late, the Decentralized Finance (DeFi) industry has become a target of regular hack attacks.
DeFi lending protocol Cream Finance lost $18.8 million in assets to a flash loan attack at the end of August. That was the second time hackers had targetted the protocol this year.
The cross-chain Defi protocol PolyNetwork also became the victim of the largest Defi attack, losing over $oo million in the process. The attack happened on August 10.
Recommended: OpenSea senior employee accused of insider trading
Enemy No 1 – loans without collateral
As Decentralized Finance evolved, the market saw the introduction of one of DeFi’s most innovative yet controversial features: loans that do not require collateral.
This feature allows people to take loans for a specific transaction because the borrower will return the fund immediately after the transaction is complete. If the borrower does not return the fund immediately, the transaction gets canceled.
Attackers see this as a loophole and use this otherwise innovative feature to re-borrow assets in a series of transactions, siphoning off funds in the process.
It appears NowSwap has become a victim of a similar attack.
Although Decentralized Finance (DeFi) is disrupting the financial landscape, its security issues remain a major drawback.