Price Manipulation Exploit on Debank. Note: Do not panic, the issue is being fixed.
19 Jun 2022, 13:43
Price Manipulation Exploit on Debank.
Note: Do not panic, the issue is being fixed.
About 17hrs ago, an exploiter took advantage of a vulnerability in DeBank custom's price smart contract.
The exploiter was able to take a total of about $23,616 in stable coins from BSC and from Polygon.
How was it exploited?
1. The exploiter took a flash loan from Aave
2. Used the flash loan to buy ETNA from pancakeswap and polygon respectively
3. Due to the volume, the purchase momentarily increased the price of Etna by over 100x
4. With some etna already deposited as collateral, exploiter took loans within the same flash loan transaction which was 100x more than what is collateral worth
5. the Etna purchase was then sold and the flash loan returned.
1-5 all took place within the flashloan and as a result occured in an instant.
The transactions are:
BSC:
Polygon:
PLEASE DO NOT PANIC, IT IS A VULNERABILITY THAT IS INHERENT FOR TOKENS WITH LOW VOLUME AND FEW EXCHANGES IF ADDED AS COLLATERAL.
We have temporarily changed the prices of collateral to manual mode and we are fixing this vulnerability
You do not need to do anything at this time, just be patient with us as withdrawals will not be possible until we are done fixing it.
We estimate that all will go back to normal operation in 72hrs time
Thanks for Understanding
Same news in other sources
119 Jun 2022, 13:43
Price Manipulation Exploit on Debank.
Note: Do not panic, the issue is being fixed.
About 17hrs ago, an exploiter took advantage of a vulnerability in DeBank custom's price smart contract.
The exploiter was able to take a total of about $23,616 in stable coins from BSC and from Polygon.
How was it exploited?
1. The exploiter took a flash loan from Aave
2. Used the flash loan to buy ETNA from pancakeswap and polygon respectively
3. Due to the volume, the purchase momentarily increased the price of Etna by over 100x
4. With some etna already deposited as collateral, exploiter took loans within the same flash loan transaction which was 100x more than what is collateral worth
5. the Etna purchase was then sold and the flash loan returned.
1-5 all took place within the flashloan and as a result occured in an instant.
The transactions are:
BSC:
Polygon:
PLEASE DO NOT PANIC, IT IS A VULNERABILITY THAT IS INHERENT FOR TOKENS WITH LOW VOLUME AND FEW EXCHANGES IF ADDED AS COLLATERAL.
We have temporarily changed the prices of collateral to manual mode and we are fixing this vulnerability
You do not need to do anything at this time, just be patient with us as withdrawals will not be possible until we are done fixing it.
We estimate that all will go back to normal operation in 72hrs time
Thanks for Understanding
Price Manipulation Exploit on Debank. Note: Do not panic, the issue is being fixed.
Price Manipulation Exploit on Debank.
Note: Do not panic, the issue is being fixed.
About 17hrs ago, an exploiter took advantage of a vulnerability in DeBank custom's price smart contract.
The exploiter was able to take a total of about $23,616 in stable coins from BSC and from Polygon.
How was it exploited?
1. The exploiter took a flash loan from Aave
2. Used the flash loan to buy ETNA from pancakeswap and polygon respectively
3. Due to the volume, the purchase momentarily increased the price of Etna by over 100x
4. With some etna already deposited as collateral, exploiter took loans within the same flash loan transaction which was 100x more than what is collateral worth
5. the Etna purchase was then sold and the flash loan returned.
1-5 all took place within the flashloan and as a result occured in an instant.
The transactions are:
BSC: https://bscscan.com/tx/0xf31d035b6de6b7147a8e201f199715d01f1d036575ee8edbbd6a19f8fd350181
Polygon: https://polygonscan.com/tx/0x0ba2d335031bd629b73c18270585cc4c85f4bad4a71371e54e5e054f683680da
PLEASE DO NOT PANIC, IT IS A VULNERABILITY THAT IS INHERENT FOR TOKENS WITH LOW VOLUME AND FEW EXCHANGES IF ADDED AS COLLATERAL.
We have temporarily changed the prices of collateral to manual mode and we are fixing this vulnerability
You do not need to do anything at this time, just be patient with us as withdrawals will not be possible until we are done fixing it.
We estimate that all will go back to normal operation in 72hrs time
Thanks for Understanding