Business News Report
August 18, 2023

Crypto Lending Protocol Exactly Falls Victim to $12M Bridge Exploit

In Brief

Exactly, a crypto lending protocol, has lost more than $12 million worth of ETH following a bridge exploit.

Web3 security firm De.FI identified two exploiter contracts that stole over 7,160 ETH.

The exploit involves funding an exploiter contract on Ethereum, moving deposits to Optimism, and then bridging the stolen funds back to Ethereum.

Crypto Lending Protocol Exactly Falls Victim to $12M Bridge Exploit

Exactly, a crypto lending protocol, has lost more than $12 million worth of ETH following a bridge exploit.

The attack was first spotted by blockchain security company, Peckshield, which brought it to Exactly’s attention. 

Following that, Exactly said that it is actively investigating the issue and has temporarily paused the protocol. However, users can still withdraw their assets.

De.Fi, a Web3 security firm, has taken the initiative to investigate the exploit independently. The firm’s investigation revealed the presence of two exploiter contracts that managed to abscond with a staggering 7,160 ETH, equivalent to more than $12 million in value.

The strategy employed by the attackers involves the creation of an exploiter contract on the Ethereum network. This contract is funded initially, deposits are then shifted to the Optimism network, and then routed back to Ethereum through a bridging mechanism, according to De.Fi.

The two exploiter contracts executed three transactions, transferring substantial sums of 910 ETH, 226,731 USDC, and 2,643,414 USDC. Moreover, De.Fi’s investigation uncovered a series of additional transactions, with some involving the bridging of 1,500 ETH using the Across Protocol.

Exactly’s native token, EXA, has plummeted more than 37% from $6.43 to its current value of $4.11, per CoinMarketCap.

DeFi protocols have been experiencing a series of exploits in recent months. In June, Atomic Wallet was hacked, resulting in $35 million allegedly stolen by North Korea’s Lazarus Group.

In July, cross-chain router protocol Multichain ceased operations after suffering an exploit that led to a loss of $126 million. Nearly $120 million came from Multichain’s Fantom bridge, according to Chainalysis.

The final week of the same month saw EraLend, a crypto lending protocol, facing a $3.4 million setback due to a zkSync exploit. 

Similarly, Curve Finance, a DeFi protocol, suffered a significant loss of more than $47 million due to a re-entrancy vulnerability traced back to Vyper—a Pythonic programming language designed for the Ethereum Virtual Machine.

These incidents raise concerns about the vulnerability of crypto lending platforms and the broader DeFi ecosystem, which has been unable to safeguard themselves from these attacks.

Per a report by blockchain analytics firm TRM Labs published today, North Korea has stolen $200 million in cryptocurrency, accounting for over 20% of all stolen crypto this year.

“In recent years, North Korea has almost exclusively targeted the DeFi ecosystem. Cross-chain bridges, which hold increasing volume, are a continued target,” TRM Labs wrote.

As the investigation into this attack continues, Exactly said that its team will provide more details in due time.

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via cindy@mpost.io with press pitches, announcements and interview opportunities.

More articles
Cindy Tan
Cindy Tan

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via cindy@mpost.io with press pitches, announcements and interview opportunities.

Hot Stories

Top Investment Projects of the Week 25-29.03

by Viktoriia Palchik
March 29, 2024
Join Our Newsletter.
Latest News

Custom HTML

by Valentin Zamarin
August 08, 2024

Top Investment Projects of the Week 25-29.03

by Viktoriia Palchik
March 29, 2024

Supply and Demand Zones

Cryptocurrency, like any other currency, is a financial instrument based on the fundamental economic principles of supply ...

Know More

Top 10 Crypto Wallets in 2024

With the current fast-growing crypto market, the significance of reliable and secure wallet solutions cannot be emphasized ...

Know More
Read More
Read more
Custom HTML
News Report
Custom HTML
August 8, 2024
Modular Blockchain Sophon Raises $10M Funding from Paper Ventures and Maven11 Amid Veil of Mystery
Business News Report
Modular Blockchain Sophon Raises $10M Funding from Paper Ventures and Maven11 Amid Veil of Mystery
March 29, 2024
Arbitrum Foundation Announces Third Phase Of Grants Program, Opens Applications From April 15th
News Report Technology
Arbitrum Foundation Announces Third Phase Of Grants Program, Opens Applications From April 15th
March 29, 2024
Vitalik Buterin Advocates For Memecoins’ Potential In Crypto Sector, Favors ‘Good Memecoins’
News Report Technology
Vitalik Buterin Advocates For Memecoins’ Potential In Crypto Sector, Favors ‘Good Memecoins’
March 29, 2024