Avalanche-based DeFi staking platform – Nereus Finance – has suffered a flash loan arbitrage attack. Decentralized exchange (DEX) Trader Joe and DeFi platform Curve Finance are also rumoured to have been impacted by the event that was executed around 3:26 pm ET on 6th September 2022. Both Avalanche and Nereus have not yet released an official statement regarding the exploit.

Head of Research at Uphold – Dr. Martin Hiesboeck cited on-chain data from Snowtrace that revealed that the attacker launched the exploit with a $51 million flash loan. These funds were then used to execute a flash loan attack that manipulated the pricing of tokens on the platform.

The attackers behind the attack did pay back the $51 million loan but they still had $370,000 worth of USDC stablecoin after the completion of the arbitrage trade. The attacker then reportedly transferred the stolen funds from the Avalanche blockchain to the Ethereum network, after which the bridged funds were swapped into 194 ETH and 15,800 DAI.

CertiK’s on-chain security software Skynet disclosed in a recently published report that more than $2.33 billion had been lost to various scams and exploits in the Web 3 space. A total of nearly 377 attacks have been recorded so far this year. August alone recorded 44 attacks, with 33 being exit scams and 7 flash loan attacks, among others.

Even as flash loans continue to be a major Achilles heel for the ecosystem, Skynet’s report stated that these attacks have decreased significantly compared to July 2022. In fact, a 95% drop was seen for these sorts of attacks cumulating to a $745k loss, the second lowest number logged this year after February 2022.

Featured Image Source: www.techxplore.com