Share this article
DeFi Project Akropolis Drained of $2M in DAI
Decentralized finance platform Akropolis’ yCurve pools have been drained resulting in the loss of $2 million.
Updated Sep 14, 2021, 10:30 a.m. Published Nov 12, 2020, 7:51 p.m. 1 min read
Decentralized finance (DeFi) platform Akropolis has suffered a $2 million loss following a re-entrancy attack utilizing a flash loan from derivatives platform dYdX, according to Akropolis founder and CEO Ana Andrianova.
- The attacker pulled out tranches of $50,000 in DAI from the project’s yCurve and sUSD pools, according to The Block researcher Steven Zheng and Andrianova. The attacker collected $2 million worth of the stablecoin before exhausting the pools.
- A re-entrancy attack allows a user to withdraw more funds from a contract than the contract holds. Ethereum's 2016 The DAO hack was also a re-entrancy attack.
- Akropolis’ Delphi savings pool was audited twice, the team said in the Discord, once by CertiK and also by firms SmartDec and Pessimistic.
- Andrianova told CoinDesk an autopsy of the attack will be released Friday.
Not quite, we will publish a detailed retro shortly. Two attack vectors have unfortunately been missed despite two audits. I will link a post-mortem and next steps here.
— Ana A. (@ana_andrianova) November 12, 2020
Update (November 12, 22:00 UTC): New communications from Akropolis including the type of attack have been added.
Meer voor jou
Ronghui Gu shares tips on how to isolate AI agents while testing them so they do not have access to critical personal information or digital assets.
Wat u moet weten:
- Security firm CertiK warns that the rapid deployment of autonomous AI agents, often unisolated and unvetted, is creating a massive and dangerous “security debt” across networks and applications.
- By granting AI agents access to local files, credentials and financial tools, users are effectively creating powerful insider threats that can be...
Top Stories
