A blockchain analyst firm PeckShield highlighted a cyberattack on the lending and credit protocol, Fortress, that led to over a $3 million loss in cryptocurrency.
The hacker, according to PeckShield, took advantage of an easy bug in the Chain oracle that anyone may exploit due to the lack of power verification. Because of the developers’ negligence, the hacker was able to manipulate prices and execute a cyber heist.
Since the beginning of this year, many decentralized platforms such as Inverse Finance, Ronin Network, and others have suffered huge losses in cyber attacks. In April, Inverse Finance lost $15.6 million worth of crypto after its Keep3r oracle was tricked by the hacker to manipulate the price.
The attacker has launched an attack through the Binance Smart chain to manipulate Oracle after compromising the protocol through Fortress Governor Alpha. In the next move, he used two different blockchains, Celer Network, and Multichain as a bridge to reach the Ethereum network.
From Celer Network and Multichain, the attacker had transferred 770,853 USDT and 2,999,000 USDT respectively on the Ethereum wallet network. He swapped all USDT funds on Uniswap for 1048.1 ETH and 400,000 DAI.
In the end, to hide its transaction details, the attacker deposited funds into Tornado Cash.
Fortress Protocol released a statement through a tweet, that stated, “Fortress has been hit with what we believe is an oracle manipulation attack draining all funds. We are investigating to determine the exact method of attack.”
Also, to prevent any possible attacks, the protocol has disabled all its supply and borrow features until they fix it. However, the smart contract will be fully functional.
