After Uniswap, one of the biggest DeFi platforms, another well-known cryptocurrency has taken the attack.
Another DeFi project lost millions of cryptocurrencies
The new victim Earning.farm stole almost $1 million worth of cryptocurrencies. Earning.farm is a user-friendly returns machine for Ethereum (ETH), Wrapped Bitcoin (WBTC) and USD Coin (USDC) investors. The DeFi altcoin project was the last victim in October when its BSC was hacked. California-based Web3 security provider Supremacy Inc. According to a statement shared by the company, it was attacked twice on October 15, 2022.
The attackers targeted EFLeverVault, a valuable element of Earning.farm’s design. They exploit this place through a flash loan attack. They were then able to withdraw all Ethereum (ETH) stored in the contract, which was designed to act as collateral, due to an architectural flaw in its contract. As explained by veteran Blockchain researcher Daniel Von Fange, an EFLeverVault contract was made to verify the initiator of the big pullback:
A few hours ago, EFLeverVault’s 750 ETH hack occurred because the contract did not confirm that the flash loan callbacks were actually initiated by the protocol, allowing the attacker to tell the protocol to withdraw large amounts of money.
October hack season
Ethereum (ETH) infrastructure was the object of unprecedented raids that will go down in history in October 2022. On October 7, 2022, a bridge connecting two modules of BNB Chain fell victim to the $566 million influx. On October 12, a hacker manipulated Ethereum-linked oracle contracts. Solana-based Mango withdrew $100 million from its liquidity protocol. Later, the Mango community agreed to give the hacker the ultimate fault reward. They will give $47 million in exchange for returning the remaining funds currently affected.