The total value of assets locked on the decentralized exchange (DEX) WOOFi plunged by nearly 20% to $45 million after it confirmed it was exploited via a flashloan attack.
The hack
Earlier today, WOOFi detailed how it fell victim to a hacking episode within 13 minutes.
The project explained that a hacker diligently manipulated its Synthetic Proactive Market Making (sPMM) algorithm by orchestrating a series of flash loans.
Leveraging the platform’s low liquidity, the hacker significantly disrupted the price of the WOO token by borrowing approximately 7.7 million WOO tokens alongside other assets and dumped them on the platform.
This maneuver triggered an erroneous valuation of the project’s native token, WOO, plummeting its price almost to zero.
Exploiting this pricing anomaly, the attacker swiftly exchanged 10 million WOO tokens at minimal costs and repeated this process three times to accrue substantial illicit profits of $8.75 million.
WOOFi said its transaction monitoring system, alongside other vigilant security teams within the crypto community, promptly detected this anomaly. Consequently, the platform’s Swap’s smart contracts were swiftly suspended to mitigate further losses and instigate a comprehensive investigation.
Recovery efforts
WOOFi has disclosed ongoing efforts to reclaim the stolen funds from the hacker. The project has announced a 10% bounty incentive for the hacker, should they operate as a white hat.
Meanwhile, the project stated that other WOOFi contracts, including WOOFi Stake, Earn, and Pro, were unaffected and remain fully functional.
In addition, WOOFi is actively soliciting further details regarding the exploit, offering a bounty through Arkham Intelligence for individuals who furnish pertinent information.
“We aim to have WOOFi Swap fully functional again within the next two weeks. This is the first time an incident like this has happened to us, and we want to make sure it doesn’t happen again,” It added.
Following the incident, WOO is down 10% and trades at $0.5315 as of press time.