Decentralized exchange (DEX) QuickSwap is ending its lending pool after sustaining losses in a flash loan attack.
The Polygon (MATIC) based DEX says $220,000 worth of tokens were stolen following an exploit of DeFi platform Market XYZ.
The platform says the incident stems from a flaw in automated market maker (AMM) Curve Oracle, which Market XYZ was using.
“QuickSwap Lend is closing. $220,000 was exploited in a flash loans attack due to a vulnerability with the Curve Oracle, which Market XYZ was using.”
QuickSwap says the hack did not affect any user funds and clarifies that the DEX’s contracts haven’t been compromised.
However, the platform is terminating support for Market XYZ, and urges the platform to compensate for the losses of stablecoin creator Qi Dao, which provided the pool’s seed funds.
“We are encouraging users with funds deposited in Market xyz’s open markets on QuickSwap to withdraw them now, as we are in the process of closing them down.
Blockchain security firm Peckshield says the attack was achieved by compromising Curve Oracle’s price feed, and then borrowing funds based on the new inflated price.
“It is a price manipulation issue. The miMATIC market uses CurvePoolOracle for price feed, which is manipulated to borrow funds from the market.”
Peckshield also says blockchain security firm ChainSecurity reported the vulnerability earlier this month.
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Featured Image: Shutterstock/Vink Fan/Voar CC