WOOFi faces $8.75M exploit on Arbitrum, offers bounty for return of funds

Decentralized finance platform WOOFi has experienced a $8.75 million exploit targeting its swap service on the Arbitrum network.

The incident unfolded on Tuesday at 10:49 am ET when an unidentified attacker skillfully manipulated WOOFi’s Synthetic Proactive Market Making (sPMM) algorithm using flash loans.

Breakdown of the WOOFi exploit

According to a post-mortem report released by the DeFi platform, the attacker, seizing the opportunity presented by low liquidity, executed a series of transactions, borrowing 7.7 million WOO tokens and other assets.

By selling the borrowed WOO tokens on the WOOFi platform, the assailant triggered a miscalculation in the sPMM algorithm, leading to an incorrect valuation of WOO tokens, at nearly zero prices.

This manipulation allowed the exploiter to swap out 10 million WOO tokens at minimal costs, repeating the process thrice and amassing substantial gains before detection.

The anomaly was, however, swiftly identified by WOOFi’s transaction monitoring system and other crypto security teams, prompting the suspension of WOOFi Swap’s smart contracts by 11 am ET.

In response to the breach, WOOFi has offered the attacker a 10% white hat bounty as an incentive for the return of the stolen funds. The bounty has been placed on Arkham Intelligence for anyone who can provide additional information.

The platform is committed to collaborating with leading security firms to address and rectify vulnerabilities before redeploying the WOOFi Swap contracts.

Today’s attack marks the first such incident for the DeFi platform, and the team has stated that they are determined to prevent its recurrence.

Market impact

The aftermath of the exploit saw an 18% drop in the price of each WOO token across various exchanges, from $0.59 to $0.49.

However, the token has since rebounded to above $0.54, showcasing resilience in the face of adversity. The token is, however, still 6.43% down in a day.

Notably, other WOOFi products like WOOFi Stake, Earn, and Pro remain unaffected and operational.

As WOOFi navigates the aftermath, the incident underscores the importance of continuous vigilance, robust security measures, and collaboration with top-notch security firms in the evolving landscape of decentralized finance.

The post WOOFi faces $8.75M exploit on Arbitrum, offers bounty for return of funds appeared first on Invezz