Hacker Exploits Optimism-Based Decentralized Credit Market for $7,200,000 Worth of Ethereum (ETH)

An Optimism-based (OP) decentralized credit market protocol has been hacked to the tune of millions of dollars worth of Ethereum (ETH).

According to the security department of web3 protocol De.Fi, bad actors have stolen about $7.2 million worth of the leading smart contract platform by exploiting Exactly (EXA), an open-source credit market project.

“After a thorough review of the Exactly protocol hack, we have concluded that the total of stolen amount up to date is ~$7.2 million (4,323.6 ETH) Eventually, they bridged ~1,490 ETH, using Across Protocol, and 2,832.92 ETH to Ethereum via Optimism Bridge.”

According to Exactly, the protocol has been temporarily paused as the issue is investigated, though investors will still be able to withdraw funds.

“We’re actively investigating a security issue within our protocol. To ensure user safety, the protocol is temporarily paused (you can still withdraw assets). Our team is on top of this and will share more details as soon as possible.”

Blockchain security firm Beosin explains how the hacker found a way to bypass the protocol’s security measures.

“Root cause of the Exactly Protocol exploit: the market address in DebtManager contract could be manipulated. The attacker passed in a malicious market contract address, bypassing the permit check, and executed a malicious deposit function to steal the USDC deposited by users. Finally liquidated users’ assets to make a profit.”

News of the hack had an impact on EXA’s price as the altcoin fell sharply during the last 24 hours. EXA is trading for $4.28 at time of writing, a 32% decrease in the last day.

Generated Image: Midjourney