DeFi Project Akropolis Drained of $2M in DAI

Decentralized finance platform Akropolis’ yCurve pools have been drained resulting in the loss of $2 million.

Nov 12, 2020 at 7:51 p.m. UTC
Updated Sep 14, 2021 at 10:30 a.m. UTC

Decentralized finance (DeFi) platform Akropolis has suffered a $2 million loss following a re-entrancy attack utilizing a flash loan from derivatives platform dYdX, according to Akropolis founder and CEO Ana Andrianova.

  • The attacker pulled out tranches of $50,000 in DAI from the project’s yCurve and sUSD pools, according to The Block researcher Steven Zheng and Andrianova. The attacker collected $2 million worth of the stablecoin before exhausting the pools.
  • A re-entrancy attack allows a user to withdraw more funds from a contract than the contract holds. Ethereum's 2016 The DAO hack was also a re-entrancy attack.
  • Akropolis’ Delphi savings pool was audited twice, the team said in the Discord, once by CertiK and also by firms SmartDec and Pessimistic.
  • Andrianova told CoinDesk an autopsy of the attack will be released Friday.

Update (November 12, 22:00 UTC): New communications from Akropolis including the type of attack have been added.

DISCLOSURE

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.