in the Avalanche ecosystem. Defrost Financeannounced that both versions (Defrost V1 and Defrost V2) are being investigated due to a hacking incident.
The announcement comes after investors reported that they lost Defrost Finance (MELT) and Avalanche tokens staked from MetaMask wallets.
Hack Attack on Defrost Finance
After several users lost funds, core team member of Defrost Finance Doran confirmed that Defrost V2 has been attacked by a flash loan. At the time, the platform believed Defrost V1 was unaffected and decided to shut down V2 for further investigation.
Blockchain researcher PeckShield found that the hacker manipulated the share price of LSWUSDC, resulting in approximately $173k in earnings for the hacker. PeckShield’s statement included:
“Our analysis shows that a fake collateral token was added and a malicious oracle was used to liquidate existing users. The loss is estimated at more than $12 million.”
Defrost Finance is sad to announce that our V2 has suffered a hack, with an attacker using a flash loan function to withdraw funds.
The V1 is not affected. We will soon close the V2 UI and investigate further with our tech team.
Updates will be posted on our official channels.
— Defrost Finance 🔺 (@Defrost_Finance) December 24, 2022
Defrost V1 was initially declared unaffected by the attack, as the first version of Defrost did not have flash loan functionality. However, the platform later acknowledged that there was an emergency for V1 as well, saying:
“Our team is currently doing research. We ask the community to wait for updates and refrain from using V1 or V2 for now.”
The Defrost Finance team is currently investigating the situation and updates will reach users through official channels.
What is Flash Loan Attack?
Flash Loan attack is carried out by malicious users by abusing and manipulating the Flash Loan system.
Flash Loan attacks are situations in which the debtor convinces the other party that the debt has been paid, even if the debt has not been fully repaid.
