Flash loan attacks continue to be a popular attack method for malicious actors.
The New Free DAO DeFi project lost more than $1.25 million in a flash loan attack, PeckShield reported. The price of the NFD token has fallen by more than 99%.
Blockchain security firm PeckShield has alerted the crypto community that the New Free DAO project has likely suffered a $1.25 million loss, causing the value of the NFD token to drop by more than 99%.
The attacker has made off with $1.25 million in BNB and exchanged it for BSC-USD. The token was created on the Binance Smart Chain (BSC) and was a DeFi token that ostensibly focused on the NFT niche and offered a multitude of features.
However, the project does not seem to have a particularly strong reputation within the crypto market. There is little information about it, but it appears to have been popular enough to have lost over $1 million dollars.
Flash loan attacks are a popular means of attack in the DeFi space, and several projects have fallen victim to the attack. Basically, they work by manipulating prices after the attacker obtains an unsecured loan. They are comparatively easier to execute, hence their popularity.
Flash Loan Attacks Continue
In recent days, more and more projects have suffered a flash loan attack. Blockchain cybersecurity firm CertiK said a flash loan attack on the Avalanche Blockchain resulted in the theft of $370,000 from smart contract and liquidity providers. Curve Finance is believed to be among those affected.
Last year, Cream Finance suffered three flash loan exploits, with $130 million stolen in the third. PancakeBunny lost $200 million in a flash loan in what was one of the biggest heists.
As such, the projects have made the security of their protocols a high priority. However, it seems that flash loan attacks will continue to happen. However, the teams are working on security.
Safety: Top Priority
The DeFi market has always been a favorite prey for attackers as a huge amount of capital flows into it. New projects and protocols with little security auditing, and being new, are common targets for these attackers.
Over the last 18 months, many major projects have doubled down on their focus on security, as these attacks can have cascading effects.
CertiK reported in January 2022 that 44 attacks in 2021 were due to centralization issues. Other causes include missing event emitters, unlocked compiler versions, and lack of proper input validation.
Vulnerabilities Reported
Last month, Chainanalysis reported that, between January and July 2022, funds stolen in cryptocurrency hacks totaled $1.9 billion, up from $1.2 billion during the same period last year.
The Blockchain analytics firm indicated that the trend is unlikely to reverse any time soon, as a $190 million hack of the Nomad cross-chain bridge and a hack of 5 million dollars from various Solana purses.
“DeFi protocols are uniquely vulnerable to hacking as hackers can pore over their open source code for exploits and it is possible that the protocols’ incentives to hit the market and grow quickly lead to lapses in best security practices,” Chainalysis said on the blog.
Chainalysis attributes much of the illicit activity to “bad actors” associated with North Korea, such as the infamous Lazarus Group. According to their estimates, groups affiliated with North Korea have stolen roughly $1 billion worth of crypto from DeFi protocols so far this year.
By Audy Castaneda
