Akropolis To Refund Customers After Hacker Stole $2 Million Worth Cryptocurrency from The DeFi Protocol

On November 12, Akropolis cryptocurrency lending and borrowing service announced that a hacker used a flash loan to attack the DeFi platform and managed to steal about $2 million worth of DAI stablecoin cryptocurrency. Akropolis managers have therefore stopped all transactions on the platform so that to prevent any further loss.

Akropolis is a DeFi saving and lending service provider that enables users to generate yield and take out loans on cryptocurrency deposits. The hacker exploited the saving part of the service, which uses Curve protocol.

Akropolis stated that it has hired two security companies working on investigations of the incident.  However, the firms have not been able to identify the attack vector used by the perpetrator to obtain illegal access to the protocol. The security companies identified the source of unauthorized intrusion as a flash loan attack.

The good thing is that Akropolis mentioned that it has already identified an Ethereum account address tied to the attacker. The contract address made multiple dYdX flash loan attacks on Akropolis’ sUSD and YCurve savings pools before sending $2 million worth of DAI cryptocurrency to another address.  The company would use the account to track funds moved across the blockchain.

 The DeFi protocol said that it has already given notifications to other leading crypto exchanges regarding the cyberattack and the hacker’s wallet as an effort to have the money stolen frozen and prevent the hacker from laundering those funds into other cryptocurrencies across cryptocurrency exchanges, loss of investigators tracking actions, and withdrawal of the funds from the hacker’s wallets.

Akropolis stated that it is currently looking at ways to refund users for their loss.   

Flash Loan Attacks Causing Massive Losses in DeFi Ecosystem

Flash loan is an emerging service within the decentralized finance ecosystem that allows users to instantly borrow funds as no collateral needed to access the loans. Such unsecured loans offer a new source of profit in the DeFi landscape.  However, malicious actors try to use borrowed money to manipulate the decentralized finance market – recognized as flash loan attacks.

The attacks have become common against crypto services running DeFi platforms. Normally, flash loans attacks occur when hackers loan funds from a DeFi platform (such as Akropolis), but utilize exploits within the platform code to escape the loan mechanism and run away with the funds. Since February this year, cases of flash loan attacks have been rising in numbers. Last month experienced one of the largest flash loans attacks when hackers stole $24 million in stablecoin from Harvest Finance DeFi protocol.