Decentralized finance (DeFi) platform Akropolis has suffered a $2 million loss following a re-entrancy attack utilizing a flash loan from derivatives platform dYdX, according to Akropolis founder and CEO Ana Andrianova.
- The attacker pulled out tranches of $50,000 in DAI from the project’s yCurve and sUSD pools, according to The Block researcher Steven Zheng and Andrianova. The attacker collected $2 million worth of the stablecoin before exhausting the pools.
- A re-entrancy attack allows a user to withdraw more funds from a contract than the contract holds. Ethereum's 2016 The DAO hack was also a re-entrancy attack.
- Akropolis’ Delphi savings pool was audited twice, the team said in the Discord, once by CertiK and also by firms SmartDec and Pessimistic.
- Andrianova told CoinDesk an autopsy of the attack will be released Friday.
Update (November 12, 22:00 UTC): New communications from Akropolis including the type of attack have been added.