DeFi Editor's Picks

New Free DAO (NFD) Token Crashes by 99% After a Flash Loan Exploit, Up to $1.25M Vanished

New Free DAO (NFD) Token Crashes by 99% After a Flash Loan Exploit, Up to $1.25M Vanished

New Free DAO (NFD) decentralised finance (DeFi) platform was exposed to a flash loan attack early on Thursday, resulting in an estimated loss of $1.25 million. Following the hack, the ecosystem’s native token fell by 99%, according to CertiK, a smart contract review company. 

Flash loans provide borrowers with the ability to take out large sums of assets without having to put up any upfront security. Criminals frequently utilise this to exploit DeFi protocols.

Several DeFi protocols provide flash loans, which let users borrow substantial amounts of assets without making prior collateral deposits, unlike regular loans. The sole requirement is that the loan must be paid back in one transaction within a predetermined time frame.

However, the NFD attacker utilised the new attack contract to interact with the unverified contract and receive rewards by borrowing WBNB through a flash loan and exchanging it for New Free DAO (NFD) tokens.

“The attacker repeated the process with dozens of newly created contracts,” according to CertiK.

NFD suffered a series of attacks

The company said that the attacker used an unverified contract and added themself as a member by using the function addMember(). The attacker carried out three flash loan attacks with the aid of the attacking contract.

New Free DAO (NFD) Token Crashes by 99% After a Flash Loan Exploit, Up to $1.25M Vanished

They suspect the perpetrator is related to the Neorder – $N3DR attack, which occurred four months ago and resulted in the loss of 930 BNB at the time.

Hackers are increasingly using flash loan attacks owing to their low risk, low cost, and big payoff attributes. The Solana ecosystem saw the collapse of an algorithm stablecoin in a flash loan hack in July. 

Attackers stole $3.5 million from Nirvana Finance, driving down the value of its Defi-protocol token, ANA, and the NIRV stablecoin by 90%.

The attackers employed TornadoCash mixer

The detection company said that they are beginning to observe the deposition of the stolen funds into TornadoCash, a service that mixes other cryptocurrency funds with potentially traceable or compromised cryptocurrency funds to hide the source and destination of cryptocurrency assets.

The U.S. Treasury has recently blacklisted Tornado Cash in the U.S because they think it has enabled cryptocurrency money laundering on a scale of billions of dollars through its platform and has become the go-to option for hackers targeting decentralised platforms.

According to CertiK, 400 BNB (about $111K) has been sent into the mixer thus far.

Related posts

Why the collapse of bitcoin below $ 8,000 does not scare traders

alfonso

Blockchain Bandit stole 45,000 ETH, guessing weak private keys

alfonso

Bitwise Submits a Revised ETF to the SEC

guido