JAKARTA - WOOFi's decentralized financial platform (DeFi) experienced a cyberattack on March 5, 2024, targeting its swap feature in the Arbitrum network. The incident resulted in a loss of around IDR 137 billion (8.75 million US dollars) in crypto assets.
Platform WOOFi mengatakan pihaknya telah menginisiasi upaya untuk memulihkan dana tersebut dan telah menawarkan bayengan whitehat sebesar 10 persen kepada pelaku serangan. Selain itu, ada juga hadiah bagi Arkham Intelligence bagi siapapun yang memberikan informasi tambahan.
Chronology Of Attacks
Based on a post-mortem report quoted from Crypto Potato, the sPMM algorithm that regulates pricing at WOOFi Swaps was exploited in Arbitrum. The attack involved a series of flash loans that utilized low liquidity to manipulate WOO prices, the original token of the WOOFi platform, allowing the perpetrators of the attack to pay off the loan at a lower cost.
The perpetrators of the attack borrowed around 7.7 million WOO and other assets, selling the token on WOOFi. This action caused the WOOFi sPMM to inaccurately adjust the WOO price to very low, allowing the perpetrators of the attack to exchange 10 million WOO in one transaction for almost free.
SEE ALSO:
The perpetrators repeated this attack three times in a short time, generating a profit of around IDR 137 billion (8.75 million US dollars) after paying off a flash loan. WOOFi revealed that the SPMM in the second version was designed to replace the oracle price taking into account the notional value of user trading to regulate slippage and maintain pool balance.
However, the glitch led to widespread deviation from the expected range (USD0.00000009), and backup checks, usually executed against Chainlink, excluding the price of WOO tokens.
Causes and Impacts of Attacks
WOOFi also said that its sPMM has not experienced an incident since its re-introduction in 2021, mainly due to its consistent approach' to the addition of new assets. The strict registration process of this platform makes exploitation with key assets like ETH almost impossible.
However, the platform blamed the recent introduction of the loan market for WOO in Arbitrum, which was paired with relatively limited liquidity support for WOO tokens elsewhere on the grid, which made it economically possible.
While WOOFi Swap operates on more than ten networks, there is no other network than Arbitrum featuring WOO tokens and the WOO loan market, which effectively inhibits replication of the same attack on alternative networks.
This attack caused losses to WOOFi users who have crypto assets on the platform. In addition, this attack also reduced public confidence in the DeFi platform and the Arbitrum network, which is one of the scalability solutions for Ethereum.
Meanwhile, a recent report by CertiK, said the crypto sector suffered a loss of around IDR 2.5 trillion ($160 million) in February due to exploitation, hacking, and fraud. These figures reflect a small decrease compared to January despite a price spike. Among these losses, flash loans only contributed IDR 2.1 billion ($138,000).
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)