1 Wise Lending underwent an exploit, 170 Ether drained to an unverified contract address.
2 Oracle price exploit using flash loans emerged as a major reason behind the hack.
Hackers added one more exploit to the list, draining over $440K worth of crypto from Wise Lending, a Web3 lending app, and yield aggregator. On January 12, an unverified contract address ending with d82c was witnessed for draining over 170 Ether along with multiple other tokens. The hackers are expected to manipulate an Oracle price through a flash loan to carry out the hack. Etherescan data and analysis by multiple security experts confirmed the same.
What Actually Happened with Wise Lending?
A post on X by Pseudonymous blockchain security researcher Spreek stirred the crypto community, especially Wise Lending. “Looks like Wise Lending exploited for over 170 ETH”, posted Spreek.
Another researcher revealed the major cause behind the exploit. “7% swing in price between stETH and ETH in a specific pool caused the vulnerability, resulted in b/c of AAVE v2 stETH flash loan”, the researcher added.
Within 10 seconds, the attacker made a big move, along with ETH, moved $9,000 in USD Coin (USDC), $5,000 in Dai (DAI), $2,000 in Tether (USDT), $47,694 in Wrapped Ether (WETH) and a few of tokens linked to Pendle Finance.
According to security experts, hackers may have exploited an Oracle price using a flash loan. Over 1,110 Lido Staked Ether (stETH) tokens worth $2.9 Million were borrowed by hackers from the Aave lending protocol. Flash loans are used by attackers to manipulate Oracle prices.
However, Wise Lending has not yet made any response to the incident.
The Hacking Trend in Web3 Ecosystem
The rug pulls and hacks are not new to the crypto world but indicate a need for improved and advanced security. Radiant Capital, a cross-chain lending protocol encountered a theft of 1900 ETH, which is valued at around $4.5 Million. After the incident, Radiant halted borrowing and lending.
Additionally, Onyx Protocol lost over $2 Million in November 2023 whereas Euler Finance drained $197 Million in March 2023 in flash loan attacks. The repeated patterns of exploits and hacks caused increased concerns within the crypto community.
Furthermore, the exploits heavily affected the Web3 platforms as per the Web3 bug bounty platform Immunefi. The Web3 ecosystem bears a loss of around $1.2 Billion between January to August 2023. In July, the Web3 platform compromised over $320 Million, and around $2.4 Million in August 2023.
In addition, the DeFi platform has suffered most of the incidents. In August 2023, DeFi suffered around $23.4 million in total losses through 17 incidents whereas CeFi witnessed no loss. The data thus, showcase a strong need for security advancement in the DeFi industry.
Wise Lending is a decentralized liquidity market that operates as a crypto lending platform as well as a yield farm aggregator. The platform permits users to supply digital assets and begin earning, specializing in long and short-term financing.