A major cyber-attack reported against the decentralized finance (DeFi) lending protocol Ola Finance led to the loss of $3.6 million worth of crypto assets.
The blockchain analysis firm PeckShield revealed that the perpetrator exploited a “re-entrancy” bug present in Ola’s smart contracts.
The Ola protocol operates on several blockchains. Yesterday’s attack targeted its deployment on the Fuse Network, an Ethereum Virtual Machine-compatible blockchain with barely $12.8 million in total value locked.
The attacker withdrew funds through Tornado Cash, a platform used by many attackers to withdraw illicit funds without leaving a trace. After transferring the funds to the Fuse Network, the perpetrator used them to take out a loan from Ola’s decentralized lending platform.
Exploiting the re-entrancy bug allowed the attacker to withdraw the collateral without paying the loan back to the protocol.
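A simplified Python model of this class of bug, added here as an illustration and not Ola Finance's contract code. The ordering of the debt update and the token callback is an assumption, since the article does not describe the flaw's mechanics, and all names are hypothetical; the `hardened` setting combines two standard mitigations (recording the debt before the external call, and a re-entrancy lock).

```python
class ReentrantCall(Exception):
    """Raised when the pool is entered again while a call is in progress."""

class Pool:
    def __init__(self, hardened):
        self.hardened, self.locked = hardened, False
        self.collateral, self.debt = {}, {}

    def _check_lock(self):
        if self.hardened and self.locked:
            raise ReentrantCall("pool entered during an external call")

    def deposit(self, acct, amount):
        acct.balance -= amount
        self.collateral[acct] = self.collateral.get(acct, 0) + amount

    def borrow(self, acct, amount):
        self._check_lock()
        if amount > self.collateral.get(acct, 0):
            raise ValueError("insufficient collateral")
        self.locked = True
        try:
            if self.hardened:      # effect before interaction
                self.debt[acct] = self.debt.get(acct, 0) + amount
            acct.receive(self, amount)  # external call: borrower code runs here
            if not self.hardened:  # flaw: debt is recorded after the callback
                self.debt[acct] = self.debt.get(acct, 0) + amount
        finally:
            self.locked = False

    def withdraw_collateral(self, acct):
        self._check_lock()
        if self.debt.get(acct, 0) > 0:
            raise ValueError("outstanding debt")
        acct.balance += self.collateral.pop(acct, 0)

class Account:
    def __init__(self, balance):
        self.balance = balance

    def receive(self, pool, amount):
        self.balance += amount
        try:  # token callback re-enters the pool in the middle of borrow()
            pool.withdraw_collateral(self)
        except (ReentrantCall, ValueError):
            pass  # hardened pool rejects the nested call; the loan proceeds

def simulate(hardened):
    """Return (account balance, collateral still locked, recorded debt)."""
    pool, acct = Pool(hardened), Account(balance=100)  # constructed amounts
    pool.deposit(acct, 100)
    pool.borrow(acct, 80)
    return acct.balance, pool.collateral.get(acct, 0), pool.debt.get(acct, 0)
```

In the unhardened run the pool ends up holding a debt of 80 with no collateral behind it; in the hardened run the collateral stays locked until the debt is repaid.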
The transaction details on Fuse’s website show that the attacker repeated this process multiple times across different Ola pools. To secure the funds, the attacker transferred them to wallets on Ethereum and BNB Chain.
At the time of writing, Ola Finance has suspended its lending service on the Fuse Network and committed to releasing an “official report detailing the exploit.” The protocol also claimed that its deployments on other blockchains were unaffected and secure.
This is the second attack of the week, after the exploitation of Axie Infinity’s Ronin Network, which was one of the largest attacks on DeFi platforms, with more than $600 million worth of crypto lost.