Share this article
DeFi Project Akropolis Drained of $2M in DAI
Decentralized finance platform Akropolis’ yCurve pools have been drained resulting in the loss of $2 million.
Updated Sep 14, 2021, 10:30 a.m. Published Nov 12, 2020, 7:51 p.m. 1 min read
Decentralized finance (DeFi) platform Akropolis has suffered a $2 million loss following a re-entrancy attack utilizing a flash loan from derivatives platform dYdX, according to Akropolis founder and CEO Ana Andrianova.
- The attacker pulled out tranches of $50,000 in DAI from the project’s yCurve and sUSD pools, according to The Block researcher Steven Zheng and Andrianova. The attacker collected $2 million worth of the stablecoin before exhausting the pools.
- A re-entrancy attack allows a user to withdraw more funds from a contract than the contract holds. Ethereum's 2016 The DAO hack was also a re-entrancy attack.
- Akropolis’ Delphi savings pool was audited twice, the team said in the Discord, once by CertiK and also by firms SmartDec and Pessimistic.
- Andrianova told CoinDesk an autopsy of the attack will be released Friday.
Not quite, we will publish a detailed retro shortly. Two attack vectors have unfortunately been missed despite two audits. I will link a post-mortem and next steps here.
— Ana A. (@ana_andrianova) November 12, 2020
Update (November 12, 22:00 UTC): New communications from Akropolis including the type of attack have been added.
More For You
The campaign targets crypto, DeFi, AI and security developers with fake tooling packages to steal wallets, SSH keys, GitHub tokens, cloud credentials and browser data.
What to know:
- A newly discovered supply-chain campaign called TrapDoor has planted more than 34 malicious packages across npm, PyPI and Crates.io to target crypto and cloud developers.
- The packages, disguised as mundane developer utilities and security tools, were designed to steal SSH keys, wallet files, AWS credentials, GitHub tokens, browser data and...
Top Stories
