Hackers steal over $1 million from Decentralized Exchange (DEX) protocol NowSwap.
Attacks on DeFi platforms has increased in the recent months.
NowSwap announced they have launched an investigation regarding the hack on the protocol.
YEREVAN (CoinChapter.com) — Decentralized Exchange Protocol (DEX) NowSwap became a victim of a cyber attack on Wednesday.
According to blockchain security firm BlockSec, NowSwap was hacked and lost more than $1 million. In addition, the attackers allegedly stole 535,706 USDT and 158.28 WETH.
NowSwap is a decentralized exchange where users can swap virtually any asset peer-to-peer through the Ethereum smart contract infrastructure.
To successfully steal over 1 Million from the network, the hackers converted USDT to ETH through the decentralized exchange aggregator 1inch. After the conversion, they camouflaged it on the transaction-privacy platform Tornado Cash.
To pull off a flash loan attack, the hackers used an invalid ‘K’ value check in the pair contract of NowSwap to attack the protocol.
After every transaction, the hacker used the loophole to get a partial return on the loan amount and repeated the process until the total funds in the attacked pool got over.
Indeed, the current implementation only enforces 1/10 of K! The hacker grabs 535K USDTs and 158 WETHs. The USDTs have been swapped into ETH via @1inch and then washed via @TornadoCashhttps://t.co/IFXySRn1kV
Of late, the Decentralized Finance (DeFi) industry has become a target of regular hack attacks.
DeFi lending protocol Cream Finance lost $18.8 million in assets to a flash loan attack at the end of August. That was the second time hackers had targetted the protocol this year.
The cross-chain Defi protocol PolyNetwork also became the victim of the largest Defi attack, losing over $oo million in the process. The attack happened on August 10.
As Decentralized Finance evolved, the market saw the introduction of one of DeFi’s most innovative yet controversial features: loans that do not require collateral.
This feature allows people to take loans for a specific transaction because the borrower will return the fund immediately after the transaction is complete. If the borrower does not return the fund immediately, the transaction gets canceled.
Attackers see this as a loophole and use this otherwise innovative feature to re-borrow assets in a series of transactions, siphoning off funds in the process.
It appears NowSwap has become a victim of a similar attack.
Although Decentralized Finance (DeFi) is disrupting the financial landscape, its security issues remain a major drawback.
Yerevan-based Editor and writer focusing on topics about cryptocurrencies, NFTs, politics, and international relations. Having completed his Bachelor's and Master's degrees from Delhi's Jawaharlal Nehru University, he currently works as a reporter at CoinChapter.
Contact: [email protected]
The rich hate it, the poor hate it.. All jokes aside, inflation affects everyone in the world that owns...
Our Partners
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.