DeFi protocol New Free DAO falls victim to flash loan attack

Decentralized finance (DeFi) protocol New Free DAO reported a total loss of $1.25 million in flash loan attacks on September 8. After the attack, the protocol’s token lost 99 percent of its value.

Some DeFi protocols offer flash loans, which, unlike regular loans, let users borrow large amounts of assets without upfront collateral. The only condition is that the loaned amount must be paid back in a single transaction within the specified time. However, this feature is frequently abused by malicious actors, who exploit it by borrowing large amounts of assets.

Blockchain security firm CertiK warned the community on Wednesday of a 99 percent slide in the NFD token price following a flash loan attack. The attacker allegedly used an unverified contract to add himself as a member through the “addMember()” function, then carried out three flash loan attacks with the help of that unverified contract.

The attacker first borrowed 250 WBNB worth $69,825 and converted them into NFD. Afterwards, the contract was used in several more attacks to collect airdrop rewards. All the airdrop rewards were subsequently converted to WBNB, and the attacker made a profit of 4481 BNB.

The attacker returned the borrowed 250 BNB out of the 4481 BNB. The remaining 2,000 BNB was converted to 550,000 BSC-USD. The attacker subsequently transferred 400 BNB to the popular coin mixing service Tornado Cash.

Funds transferred by NFD attacker to Tornado Cash. Source: BSC Scan
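The two mechanics described above, the repay-in-the-same-transaction rule and the caller check on addMember(), can be shown in a toy Python model. This is an added example, not code from New Free DAO or CertiK; the `Chain` class, the account names, the pool size and the admin-only restriction are assumptions made for illustration.

```python
import copy

class Revert(Exception):
    """Aborts a transaction; every state change is rolled back."""

class Chain:
    """Toy ledger, constructed for this example (not real chain state)."""
    def __init__(self, restrict_add_member):
        self.state = {"pool": 1000, "members": set()}
        self.restrict_add_member = restrict_add_member

    def add_member(self, caller, account):
        # Hardened form (assumed fix): only the admin may change membership.
        if self.restrict_add_member and caller != "admin":
            raise Revert("addMember: caller is not admin")
        self.state["members"].add(account)

    def flash_loan(self, amount, callback):
        # No collateral: lend, run the borrower's logic, then require
        # the pool to be whole again before the transaction ends.
        before = self.state["pool"]
        self.state["pool"] -= amount
        callback(self)
        if self.state["pool"] < before:
            raise Revert("loan not repaid in the same transaction")

    def repay(self, amount):
        # Borrower-side balance tracking is omitted in this toy model.
        self.state["pool"] += amount

    def transact(self, fn):
        # Commit on success; restore the snapshot on Revert.
        snapshot = copy.deepcopy(self.state)
        try:
            fn(self)
            return True
        except Revert:
            self.state = snapshot
            return False

def run(restrict, repay=True):
    """Unverified caller borrows 250, calls addMember, optionally repays.
    Returns (committed, caller_is_member, pool_balance)."""
    chain = Chain(restrict)
    def body(c):
        c.add_member("unverified", "unverified")
        if repay:
            c.repay(250)
    ok = chain.transact(lambda c: c.flash_loan(250, body))
    return ok, "unverified" in chain.state["members"], chain.state["pool"]
```

With the caller check enabled, the membership change reverts and takes the whole loan transaction with it, so neither the membership nor the borrowed funds persist.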

