Attackers have exploited a vulnerability within the Opyn ETH Put contract to stroll away with greater than $370,000.One of many first members of Cr
Attackers have exploited a vulnerability within the Opyn ETH Put contract to stroll away with greater than $370,000.
One of many first members of Crypto Twitter to report on the theft, DegenSpartan, acknowledged on Aug. Four that the merchants used flash loans to purchase Ethereum Put oTokens (oETH) from Uniswap. They then reportedly selected an ERC20 token — on this case, USD Coin (USDC) — as collateral and exercised the buying and selling possibility.
The consequence was reportedly a double switch which successfully “stole” the collateral. In accordance with blockchain data, the attackers acquired each their unique Ethereum (ETH) deposits and USDC choices.
In a Aug. Four weblog from Opyn, the platform estimates losses from the exploit at 371,260 USDC however mentioned this quantity could change.
“This exploit allowed an attacker to ‘double train’ oTokens and steal the collateral posted by sure sellers of those places.”
Pulling liquidity shortly
Opyn realized one thing was taking place throughout the day and issued a press release on Twitter, saying it had eliminated liquidity from Uniswap throughout its investigation.
Hey all, it looks as if there was a difficulty with some oTokens contracts. We’re working laborious on understanding this challenge so we will let assist customers as finest we will. Now we have eliminated liquidity from Uniswap in the meanwhile. Can be finest to not open new vaults in the mean time.
— opyn (@opyn_) August 4, 2020
Making an attempt to forestall additional abuse of this loophole, Opyn recovered 439,170 USDC of collateral from excellent vaults utilizing a white hat hack, successfully returning it to Put sellers. Nonetheless, some customers have been nonetheless understandably upset on the loss and delayed response:
Screenshots from Opyn Discord chat
In accordance with Opyn co-founder Alexis Gauba in a Discord chat session, the platform has supplied to purchase any ETH Put oTokens “at above market costs,” which she mentioned have been 20% above the very best ask worth at Deribit.
“This solely applies to oTokens that have been purchased earlier than as we speak,” Gauba mentioned. The final replace she posted acknowledged Opyn was engaged on a plan “to mitigate influence for ETH put sellers.”