Indexed Finance Claims to Have Found Hacker Who Stole $16 Million

Oct 17, 2021 | Decrypt News | 0 comments

On Thursday, a hacker ran off with $16 million from decentralized finance (DeFi) project Indexed Finance—but now the protocol’s team says they know who the attacker is. 

Indexed Finance is a DeFi project built on Ethereum. It produces tokens that track market indexes. A hacker took the assets that were backing the value of the index tokens by finding a vulnerability in the protocol’s smart contracts. 

The attack was typical of DeFi exploits: the hacker took advantage of the flash loan mechanism by overloading the protocol with new assets. This lowered the price of the Indexed tokens, which then allowed the attacker to mint new ones and cash them out.

Now, two out of six assets in the protocol, DEFI5 and CC10 (both index tokens that track large DeFi projects), have lost most of their value. 

DEF15 dropped by 85% an hour after the hack—from $88.73 to $3.67, according to CoinGecko data. CC10 lost 98% of its value; before the hack it was trading for $62.50 but afterward it dropped to $0.74.

Three other index tokens, DEGEN, NFTP and ORCL5, are safe, Laurence Day, a 32-year-old contributor and member of the Indexed DAO told Decrypt. The sixth asset, FFF, a meta index that contains DEFI5 and CC10, was badly damaged and will need to end in its current form. He added that a compensation plan will be put together. 

The project’s members identified the hacker on Friday because he didn’t cover his tracks off-chain well enough, Day said. They then gave him an ultimatum: return the funds by midnight on Saturday or else they would contact law enforcement. 

But members of the DAO have since put the breaks on the conditions, they said via Twitter, because they found out the hacker was “significantly younger than we thought.” 

Day told Decrypt that the project was in a “desperately tense situation” and was still figuring out what to do next. He would not tell Decrypt if they were negotiating with the hacker. 

But he said that several people on the protocol’s team had verified who the hacker was—and it was now up to him to return the funds. “This is a choice which is now in the hands of the attacker,” he wrote. 

Day did not add whether they would contact law enforcement today. 

DeFi, or decentralized finance, is a catch-all term for projects that want to automate traditional financial tools, like banks. They aim to provide loans, interest, and asset swaps without banks or other intermediaries via smart contracts—bits of code that carry out instructions. Most are built on Ethereum, the blockchain that houses the second-biggest cryptocurrency by market cap. 

But DeFi is an experimental industry—the protocols are very new—and it is prone to hacks. Indexed is not the first to suffer such a big exploit. The list of DeFi hacks this year is long but last month alone pNetwork lost $12.5 million and an NFT project called Vee Finance suffered a $35 million exploit. 

And in August, a hacker ran off with $25 million from lending and borrowing platform Cream Finance. 

DeFi Has Lost $474 Million to Hacks and Fraud in 2021: Report

Many projects have been able to recuperate some of the stolen funds. But the huge hacks happening each month are a reminder that the space is new, experimental and risky. 

Laurence added that the DeFi space needs auditors to prevent hacks and added that “the talent pool in the space is desperately thin.”

News Source from

Related Articles

TabTrader Token Is Launching on AcceleRaytor and Solanium

TabTrader Token Is Launching on AcceleRaytor and Solanium

PRESS RELEASE. Amsterdam, the Netherlands, 29th of November, 2021: TabTrader is excited to announce the launch of our own token (TTT) on Solanium and AcceleRaytor on December 1 🚀, aspiring to be the ‘ultimate trading terminal’; we are now on the way to drastically...

An updated look at DeFi audits and bug bounties

An updated look at DeFi audits and bug bounties

Quick Take As DeFi continues to grow, exploiting smart contracts will become more and more lucrative While hacks are inevitable, reasonable efforts can be made to ensure that the likelihood of their occurrences is kept at a minimum Smart contract audit firms are...

Pin It on Pinterest

Share This