On April 18, it was known that a hacker attacked the log of decentralized financing (DeFi) Uniswap, one of the market leaders stealing $ 300,000 in funds ether y Bitcoin tokenized.
This has been reported by the media Bitcoinist, which is another mistake when using DeFi for the second most important blockchain in the ecosystem, Ethereum.
A hacker attacks the application DeFi Uniswap
According to the specialist in DeFi and developers of BlockchainJulien Bouteloup The attacker was able to empty the group TokenIon, based on the liquidity market of Uniswap, Theft of more than $ 300,000. The funds are divided into ETH and a tokenized version of Bitcoin based on Ethereumcall in the BTC.
The TokenIon group from ImBTC in Uniswap was attacked and drained. The simple attack vector in Uniswap [les permitió] steal over $ 300,000 from ETH + BTC
The vulnerability was described 16 months ago: https://t.co/a3AiJyY969.
The vulnerability was described 16 months ago: https://t.co/a3AiJyY969 https://t.co/MKC2jNP1Y4 pic.twitter.com/cXOVu6le3P
– Julien Bouteloup (@bneiluj) April 18, 2020
A lot to improve DeFi
He said Bitcoinist that an “autopsy” of the event has not yet been published. An audit was performed 16 months ago and published in Github, resulted in a security hole: he exploit involves an attacker who “fake exchange“Similar protocol Uniswap original.
Bitcoinist He continued that the attacker could manipulate from there Uniswap practically at will, so the price of an asset in the original group is very cheap. This way you can buy coins at a much lower price than their actual market value.
The middle Publish0x, in the meantime sharply criticized Uniswap for failure to comply with certain provisions regarding in the BTC.
ERC-777 as used by imBTC has never been supported by Uniswap v1 and this is in the public domain.
I wonder why Uniswap doesn’t have user interface warnings for this kind of exploitable action.
Another one for the list
Chop in Uniswap is not the first in the crypto arena, he notes Bitcoinist. But apparently it won’t be the last either.
During the industry DeFi was critical for the blockchain Ethereum In 2019, the risk seems to exist as long as users are able to make big profits by taking advantage of protocol errors DeFi based on Ethereumsaid the medium.
As reported DailyBitcoin in February the protocol bZx suffered two attacks a few days apart. The two attacks weren’t exactly the same, but the nature of both was the same.
The attacks saw users of bZx Lose $ 300,000 the first time in the middle of the event EthDenver and about $ 650,000 on the second chance the next day, for a total loss of nearly $ 1 million.
The Coinbase USDC Startup Fund invests $ 1.1 million in platforms DeFi Uniswap and PoolTogether
Uniswap announces its next iteration Uniswap v2, will be released in the second quarter of 2020
DeFi hits $ 1 billion milestone on blocked funds
Attackers could steal all collateral in MakerDAO
Sources: Bitcoinist, Publish0x, archive DailyBitcoin.
Report by Arnaldo Ochoa / DailyBitcoin.