DeFi Project Akropolis Drained of $2M in DAI

Decentralized finance platform Akropolis’ yCurve pools have been drained resulting in the loss of $2 million.

AccessTimeIconNov 12, 2020 at 7:51 p.m. UTC
Updated Sep 14, 2021 at 10:30 a.m. UTC

Decentralized finance (DeFi) platform Akropolis has suffered a $2 million loss following a re-entrancy attack utilizing a flash loan from derivatives platform dYdX, according to Akropolis founder and CEO Ana Andrianova.

  • The attacker pulled out tranches of $50,000 in DAI from the project’s yCurve and sUSD pools, according to The Block researcher Steven Zheng and Andrianova. The attacker collected $2 million worth of the stablecoin before exhausting the pools.
  • A re-entrancy attack allows a user to withdraw more funds from a contract than the contract holds. Ethereum's 2016 The DAO hack was also a re-entrancy attack.
  • Akropolis’ Delphi savings pool was audited twice, the team said in the Discord, once by CertiK and also by firms SmartDec and Pessimistic.
  • Andrianova told CoinDesk an autopsy of the attack will be released Friday.

Update (November 12, 22:00 UTC): New communications from Akropolis including the type of attack have been added.


Read more about

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.