VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The DeFi lending platform Aave was attacked due to a contract vulnerability. The attack occurred in a smart contract outside of Aave's core protocol, which is used to allow users to repay loans using existing collateral. The attacker exploited an arbitrary call error, successfully stealing around $56,000 from these various contracts. Aave representatives emphasized that the attack posed no risk to user funds and did not affect the security of the core Aave protocol. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 56,000.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Aave
- bug_class
- external-call
- date_occurred
- 2024-08-28
- loss_usd
- $56,000
- source_id
- sm:aave::2024-08-28
Related — same bug class· external-call