Decentralized finance (DeFi) platform Akropolis has suffered a $2 million loss following a re-entrancy attack utilizing a flash loan from derivatives platform dYdX, according to Akropolis founder and CEO Ana Andrianova.

  • The attacker pulled out tranches of $50,000 in DAI from the project’s yCurve and sUSD pools, according to The Block researcher Steven Zheng and Andrianova. The attacker collected $2 million worth of the stablecoin before exhausting the pools.
  • A re-entrancy attack allows a user to withdraw more funds from a contract than the contract holds. Ethereum's 2016 The DAO hack was also a re-entrancy attack.
  • Akropolis’ Delphi savings pool was audited twice, the team said in the Discord, once by CertiK and also by firms SmartDec and Pessimistic.
  • Andrianova told CoinDesk an autopsy of the attack will be released Friday.

Update (November 12, 22:00 UTC): New communications from Akropolis including the type of attack have been added.

Read more about...

DeFiExploitsAkropolis
Disclosure
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.