Price manipulation is the problem, as Peckshield put it in a tweet.
Peckshield’s blog post revealed that the vulnerability had been reported by Chainsecurity.
On October 24th, Quickswap detailed how a $220,000 hack occurred in the Market XYZ lending market. Quickswap Lend is closing, the team announced on Monday through their official Twitter account.
The team further stated:
“$220K was exploited in a flash loans attack due to a vulnerability with the Curve Oracle, which [Market XYZ] was using. Only the Market XYZ lending market was compromised. Quickswap’s contracts are unaffected.”
DeFi Exploit on Steep Rise
Quickswap further elaborated by saying that Market XYZ’s first seed funding came from Qi Dao, and that “no user funds were compromised.” In light of the impending deprecation of Quickswap Lend, the DEX is advising customers who have funds in Market XYZ’s open marketplaces to withdraw them immediately.
Following the recent Olympus DAO breach and the compromise of Mango Markets, hackers have turned their attention to Quickswap. Like many other recent DeFi operations, Olympus was able to negotiate with the hacker and recover the stolen monies. Earlier this month research by Chainalysis that revealed hackers had stolen over $3 billion from 125 hacks using flaws.
Price manipulation is the problem, as Peckshield put it in a tweet. According to Peckshield’s blockchain security specialists, “The Mimatic market uses Curvepooloracle for price feed, which is manipulated to borrow funds from the market.”
Mimatic (MAI) was developed by Qi Dao, the originator of the seed capital for the Market XYZ lending market. After the attack, Peckshield’s blog post revealed that the vulnerability had been reported by Chainsecurity, a blockchain security firm and Web3 auditor.