Akropolis Cryptocurrency Lending Service Lost $2 Million to Hackers In A Cyber Attack

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

Despite being around for years, securing cryptocurrency assets continues to be a challenge. Hence, joining the list of cryptocurrency attack victims, Akropolis emerges as the latest target. Reportedly, hackers stole $2 million worth of assets from Akropolis cryptocurrency service in a recent cyber attack.

Akropolis Service Suffered Cyber Attack

Cryptocurrency lending and borrowing service Akropolis has recently suffered a cyber attack. The hackers managed to infiltrate their systems and steal $2 million worth of cryptocurrency assets.

According to Acropolis, the service faced a ‘flash loan attack’ earlier this week. In a flash loan attack, the attackers apparently enter the system to loan funds. Later, they meddle with the code or use known exploits to bypass the loan process and steal funds.

As Akropolis elaborated in a notice on their website,

We noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the Curve Y and Curve sUSD pools…
The essence of the exploit in question is a combination of a re-entrancy attack with dYdX flash loan origination.

In a subsequent update, They also disclosed the attackers’ wallet address.

Also, they elaborated on the two vulnerabilities that triggered the attack and the subsequent los of assets.

There exist two bugs related to the Deposit flow:
1. No check that tokens deposited are actually the ones registered in our contracts.
2. Re-entrance issue with “transferFrom” function which an attacker was able to exploit because of first bug.

Investigation Underway

Following the incident, Akropolis involved two independent firms to audit the pools. Also, as they investigated the matter, they confirmed that all other pools, except Curve Y and Curve sUSD pools, remained unaffected.

Moreover, they also informed other exchanges and involved security experts for resolution.

Besides, to avoid such incidents in the future, they have fixed the vulnerabilities. The patches include implementation of a check on the incoming tokens and applying Reentrancy Guard to block re-entrance attacks.

Additionally, they deployed some other fixes to ensure secure transactions in the future.

As for the losses, Akropolis is exploring strategies to reimburse the affected users safely.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!