Decentralized lending network Ola Finance has lost about $3.6 million on the Fuse Network, one of the many blockchains it operates on, after an unknown hacker took advantage of a re-entrancy vulnerability in one of its smart contracts. Hacker Took Advantage of a Re-Entrancy Bug PeckShield, blockchain security, and data analytics company, unveiled in a Twitter thread on how the attackers managed to drain Ola finance’s liquidity. As per PeckShield’s analysis, the attack became possible after the hacker took advantage of a re-entrancy bug in one of Ola’s smart contracts. 1/ The @ola_finance is exploited in a flurry of txs, leading to the gain of ~$3.6M for the hacker (the protocol loss is larger). Here is an example hack tx: https://t.co/9JfnBr9pfL — PeckShield Inc. (@peckshield) March 31, 2022 The attacker began by withdrawing funds using Tornado Cash which allowed him/her to transfer the crypto without leaving a trace. After transferring the funds to the Fuse network, the borrower used them as collateral for issuing loans on Ola’s lending platform. The attacker was then able to remove the collateral without paying back the loan by taking advantage of the re-entrancy bug. The hacker repeated this process several times across different Ola pools. Lastly, they transferred the drained funds to wallets on Ethereum and BNB Chain. DeFi Hacking Spree Continues Ola has paused its lending protocol on the Fuse network and that it will soo...
