VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Hackers took advantage of the storage asset verification flaws in the Akropolis project of the Polkadot ecosystem to launch multiple consecutive reentry attacks on the contract, causing the Akropolis contract to issue a large number of pooltokens out of thin air without new asset injection, and then reuse these pooltokens. Withdrawing DAI from the YCurve and sUSD pools resulted in the loss of 2.03 million DAI in the project contract. Attack method (per SlowMist): Reentrancy Attack. Reported loss: $ 2,030,000.
Primary source
https://cointelegraph.com/news/akropolis-defi-protocol-paused-as-hackers-get-away-with-2m-in-dai ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Akropolis
- bug_class
- reentrancy
- date_occurred
- 2020-11-13
- loss_usd
- $2,030,000
- source_id
- sm:akropolis::2020-11-13
Related — same bug class· reentrancy