The decentralized finance space continues to experience frequent attacks. The latest victim is Warp Finance with its flash loan attack.
Warp Finance is a platform that allows users to deposit cryptocurrency assets in exchange for various stablecoins. The platform described the attack as a “complex flash loan attack”. The attacker managed to remove $7.7 million of various stablecoins by borrowing more than the collateral value. However, Warp’s Finance security team claims that it has a plan to recover approximately $5.5 million that is still secured in the collateral vault.
If the recovery process is successful, the project plans to return the funds to the affected users. Over time, the project plans to compensate clients with the remaining $2.2 million.
Why is Flash Loan So Vulnerable?
While traditional cryptocurrency loans need users to provide some form of collateral, flash loans do not work that way. With flash loans, users can borrow without any form of collateral because the lender expects a refund immediately within the same block.
However, if the borrower fails to pay back, the contract will be void as if it never existed. This form of loan has opened the door for many similar attacks within the past several months.
Previous flash loan victims include protocols such as bZx, Balancer, Harvest, Akropolis, and Origin Protocol.
Glassnode, a blockchain analytics firm, made an investigation into the major reasons behind the growing number of flash loan attacks. From the investigation, the firm concluded that most exploits come from centralized price oracles, manipulated prices of assets, and siphon funds from contracts.
DeFi protocols have upgraded their platforms in an attempt to fight the vulnerabilities. However, as the Warp Finance situation shows, the relatively recent invention DeFi still displays security issues, and investors have to be aware of the dangers before allocating any funds.