WOOFi, a decentralized exchange, suffered significant financial losses due to an exploit in its Arbitrum lending market, as revealed by the company on Wednesday.
The exploit, identified by several blockchain security firms, including PeckShield, Hypernative, and Chainalysis, involved flash loan attacks targeting WOOFi Swap on Arbitrum around 15:49 UTC on March 5.
In response, WOOFi swiftly halted the affected contracts at approximately 16:02 UTC and initiated an investigation revealed in a report detailing the incident, which was subsequently released on March 6.
The hacker manipulated the sPMM algorithm, which is responsible for setting prices on Arbitrum-based WOOFiSwaps. This manipulation occurred after borrowing 7.7 million WOO tokens and “some other assets.”
The company stated, “At this point WOOFi’s sPMM incorrectly adjusted WOO to an extreme price which was close to zero, and the exploiter then swapped out 10M WOO in the same transaction with almost no cost. The exploiter repeated this attack 3 times within a very short period of time, which netted about $8.75m in profits after returning the flash loans.”
While the attack only affected WOOFi v2, other WOOFi contracts remain unaffected and operational. The team has temporarily paused the v2 swap and aims to resolve the issue promptly, planning to redeploy within two weeks. Additionally, they intend to proceed with the release of the v3 version later this spring.
In the meantime, efforts to recover the stolen funds are underway, with the team offering a 10% whitehat bounty to the exploiter.
Also Read: Arbitrum Set to Release $2 Billion Tokens Next Month
