The scammer deployed a custom smart contract, leveraging a $51 million flash loan to manipulate the AVAX/USDC Trader Joe LP pool price for a single block.
Avalanche-based lending protocol Nereus Finance has been the victim of a crafty hack that saw a user net $371,000 worth of USD Coin (USDC) using a smart contract exploit.
Blockchain cybersecurity firm CertiK was one of the first to detect the exploit on Sept. 6, indicating that the attack impacted liquidity pools on Nereus relating to decentralized exchange Trader Joe and automated market maker Curve Finance.
CertiK also suggested that underlying protocols themselves were impacted, however, Curve Finance responded via Twitter on Sept. 7, stating “maybe you meant ‘assets impacted,’ not ‘protocols impacted’. Only @nereusfinance and its assets seem impacted.”
On Sept. 7, Nereus Finance released a detailed post-mortem of the incident explaining an “exploiter” was able to deploy a custom smart contract that utilized a $51 million flash loan from Aave to artificially manipulate the AVAX/USDC Trader Joe LP (JLP) pool price for a single block.
We've published a post-mortem on the NXUSD incident from yesterday. https://t.co/ADhu6PagP2
— Nereus Finance (@nereusfinance) September 7, 2022
Thanks @peckshield @CertiK
As a result, the anonymous hacker was able to mint 998,000 worth of Nereus' native token NXUSD against $508,000 worth of collateral. They then swapped this capital into different assets via various liquidity pools and managed to walk away with a net profit of $371,406 once the flash loan was returned.
The incident ended with to the creation of $500,000 of NXUSD “bad debt” in the NXUSD protocol.
The Nereus team says it was quick to remedy the situation; after consulting security experts, developing a mitigation plan, and notifying law enforcement, they liquidated and paused the exploited JLP market.
The bad debt was reportedly paid off using NXUSD from the team’s treasury.
According to Nereus, the exploit resulted from a “missed step” in the price calculation, resulting in the opportunity to be exploited. However, it stressed that “no users funds are at risk, and NXUSD continues to be over collateralized” and the “Lending and Borrowing protocol was not affected by this exploit.”
Nereus is also confident the same exploit won’t be possible a second time, as the team will be amending its "audit and security practices in order to ensure these types of events do not occur in the future," noting:
While this exploit is a bad incident — it’s not uncommon for protocols to face these types of battle tests.
As of this writing, the Nereus team is trying to identify the hacker and track the funds and has offered a 20% White Hat reward for the return of the funds, no questions asked.
Despite this recent flash loan exploit and several other notable incidents throughout the year, CertiK's August 2022 Monthly Skynet Alerts Report, released on Sept. 2, claims there has been a notable decrease in these types of attacks.
Compared to the previous month, August saw a drop of 95% in flash loan attacks, only resulting in a total loss of $745,244, the second lowest this year.
February still has the lowest recorded loss from flash loan exploits with only $200,000.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.
Recommended Content
Editors’ Picks
Litecoin Price Prediction: LTC tries to retake $100 resistance as miners halt sell-off
Litecoin price grazed 105 mark on Monday, rebounding 22% from the one-month low of $87 recorded during last week’s market crash. On-chain data shows sell pressure among LTC miners has subsided. Is the bottom in?
Bitcoin fails to recover as Metaplanet buys the dip
Bitcoin price struggles around $95,000 after erasing gains from Friday’s relief rally over the weekend. Bitcoin’s weekly price chart posts the first major decline since President-elect Donald Trump’s win in November.
SEC Commissioner Hester Pierce sheds light on Ethereum ETF staking under new administration
In a Friday interview with Coinage, SEC Commissioner Hester Peirce discussed her optimism about upcoming regulatory changes as the agency transitions to new leadership under President Trump’s pick for new Chair, Paul Atkins.
Bitcoin dives 3% from its recent all-time high, is this the cycle top?
Bitcoin investors panicked after the Fed's hawkish rate cut decision, hitting the market with high selling pressure. Bitcoin's four-year market cycle pattern indicates that the recent correction could be temporary.
Bitcoin: 2025 outlook brightens on expectations of US pro-crypto policy
Bitcoin price has surged more than 140% in 2024, reaching the $100K milestone in early December. The rally was driven by the launch of Bitcoin Spot ETFs in January and the reduced supply following the fourth halving event in April.
Best Forex Brokers with Low Spreads
VERIFIED Low spreads are crucial for reducing trading costs. Explore top Forex brokers offering competitive spreads and high leverage. Compare options for EUR/USD, GBP/USD, USD/JPY, and Gold.