Nereus Finance, a decentralized protocol operating on Avalanche (AVAX), has been the victim of a $370,000 attack following a price manipulation made possible by a flash loan. An unfortunately common method that has already allowed a large number of hacks in the decentralized finance environment (DeFi).
A DeFi protocol victim of flash loan on Avalanche
Nereus Finance, a decentralized lending protocol on the Avalanche blockchain (AVAX), suffered a theft equivalent to $370,000 from one of its smart contracts.
Avalanche is an open source platform for creating decentralized subnetworks and applications, all structured by its AVAX token. Find it in our detailed presentation of its ecosystem.
According to Snowtrace Explorer, the attacker made a $51 million flash loan to manipulate prices on the Nereus NXUSD market. Flash loans are instant loans that require no collateral but must be repaid in a single transaction.
This solution is sometimes used to generate profit by finding arbitrage opportunities in the decentralized finance ecosystem (DeFi), but it is also sometimes used to manipulate prices and steal funds. The attacker in this case generated a $370,000 capital gain after repaying his loan.
He then transferred the funds to the Ethereum (ETH) network, before sending 45 ETH on 4 different wallets. The money was then transferred to FixedFloat, a Lightning Network swap protocol. As of this writing, the original wallet identified as belonging to the hacker now holds only $15,840 in the form of DAI.
The dangers of decentralized finance
The US FBI recently highlighted the dangers of decentralized finance, and more specifically the hacks increasingly arriving in this ecosystem. The figures are unequivocal: 97% of the funds stolen during the first quarter of 2022 came from DeFi.
The flash loan method is one of the most common, having been used for the $181 million Beanstalk hack last April, or more recently for the $8.8 million Crema Finance hack in July.
However, it is the exploitation of cross-chain bridges that remains the most popular method, as these bridges are very important sources of liquidity due to their intrinsic structure. This is the process that was used during the infamous Ronin sidechain hack at $621 million, the largest in history.
It should be noted, however, that security firms specializing in blockchain, such as PeckShield or CertiK, are increasingly able to detect suspicious activities on protocols and smart contracts.
The flash loan on the Nereus Finance market was first reported thanks to Skynet, the automatic detection software for abnormal activity on smart contracts deployed by CertiK.