DeFi project Akropolis exploited for over $2 million
November 12, 2020, 7:36PM EST
1 min read
Decentralized finance (DeFi) protocol Akropolis lost $2 million in DAI in an exploit on Thursday morning.
According to an update from the Akropolis team, a post-mortem analysis is forthcoming, and the team is exploring ways to reimburse those affected.
Akropolis is a DeFi lending and savings service provider that enables users to take out loans and generate yield on cryptocurrency deposits. The savings portion of the service, which utilizes Curve protocol, was exploited in the attack earlier in the day.
Flash loans allow users to borrow funds instantly, given they are returned within one transaction block, meaning users can take advantage of uncollateralized loans. In the case of the Akropolis attack, a combination of a re-entrancy attack and dYdX flash loan origination exploited the savings pools. The pools had been audited by two firms, according to Akropolis, but the attack vectors used by the hacker were not identified in either audit.
The majority of the funds on the protocol are safe, according to Akropolis. Compound DAI, Compound USDC, AAVE sUSD, AAVE bUSD, Curve bUSD and Curve sBTC were unaffected. Native AKRO and ADEL staking pools were also untouched.
In the meantime, all stablecoin pools have been paused and exchanges have been informed of the hack. The Akropolis team is in discussions with security specialists as it reviews its development and security processes for the coming analysis.