DeFi Editor's Picks

New Free DAO (NFD) Token Crashes by 99% After a Flash Loan Exploit, Up to $1.25M Vanished

New Free DAO (NFD) Token Crashes by 99% After a Flash Loan Exploit, Up to $1.25M Vanished

New Free DAO (NFD) decentralised finance (DeFi) platform was exposed to a flash loan attack early on Thursday, resulting in an estimated loss of $1.25 million. Following the hack, the ecosystem’s native token fell by 99%, according to CertiK, a smart contract review company. 

Flash loans provide borrowers with the ability to take out large sums of assets without having to put up any upfront security. Criminals frequently utilise this to exploit DeFi protocols.

Several DeFi protocols provide flash loans, which let users borrow substantial amounts of assets without making prior collateral deposits, unlike regular loans. The sole requirement is that the loan must be paid back in one transaction within a predetermined time frame.

However, the NFD attacker utilised the new attack contract to interact with the unverified contract and receive rewards by borrowing WBNB through a flash loan and exchanging it for New Free DAO (NFD) tokens.

“The attacker repeated the process with dozens of newly created contracts,” according to CertiK.

NFD suffered a series of attacks

The company said that the attacker used an unverified contract and added themself as a member by using the function addMember(). The attacker carried out three flash loan attacks with the aid of the attacking contract.

New Free DAO (NFD) Token Crashes by 99% After a Flash Loan Exploit, Up to $1.25M Vanished

They suspect the perpetrator is related to the Neorder – $N3DR attack, which occurred four months ago and resulted in the loss of 930 BNB at the time.

Hackers are increasingly using flash loan attacks owing to their low risk, low cost, and big payoff attributes. The Solana ecosystem saw the collapse of an algorithm stablecoin in a flash loan hack in July. 

Attackers stole $3.5 million from Nirvana Finance, driving down the value of its Defi-protocol token, ANA, and the NIRV stablecoin by 90%.

The attackers employed TornadoCash mixer

The detection company said that they are beginning to observe the deposition of the stolen funds into TornadoCash, a service that mixes other cryptocurrency funds with potentially traceable or compromised cryptocurrency funds to hide the source and destination of cryptocurrency assets.

The U.S. Treasury has recently blacklisted Tornado Cash in the U.S because they think it has enabled cryptocurrency money laundering on a scale of billions of dollars through its platform and has become the go-to option for hackers targeting decentralised platforms.

According to CertiK, 400 BNB (about $111K) has been sent into the mixer thus far.

Related posts

XRP, BCH, LTC, Dash: technical analysis and forecast of the course on 22-23 December 2018


Ofelimos, the Protocol Introduced by IOHK That Reduces the Cost of POW Energy

Jai Hamid

Ripple launches Liquidity Hub to enable access to various digital assets

Afroz Ahmad