Cryptocurrency platform Midas Capital has released a statement regarding a $660,000 hack. The attacker used a flash credit exploit on a new collateral option for the Jarvis Network pool. The team reached out to the attacker and offered a bug bounty in the hopes that the funds would be returned.
Cryptocurrency platform Midas Capital has been hacked!There are losses
DeFi lending and borrowing platform Midas Capital has been hacked for $660,000 after an attacker used a flash loan exploit on the Jarvis Polygon pool. Midas Capital released an autopsy on the $660,000 abuse he suffered on January 16. The platform has stopped borrowing from the Jarvis Polygon pool that was the source of the exploit. The team said that a suspicious transaction used a recently added collateral token.
POST MORTEM
1/7
We listed WMATIC-stMATIC Curve LP token a few days ago on https://t.co/jyjevMVMyF with supply caps of ~250k and had, not yet announced it
— Midas Capital (@MidasCapitalxyz) January 16, 2023
Shortly after the attack, the team released an ‘autopsy report’. He noted that Midas listed the WMATIC-stMATIC Curve LP token only a few days ago. This had yet to be announced and had a $250,000 supply cap. The Jarvis Network team and Midas Capital were discussing adding new collateral options and imposing a supply cap to avoid large borrowings. This wasn’t enough to prevent abuse, the popular type of flash loan that has plagued the market for years.
In the flash credit attack, the attacker inflated the LP token price and borrowed against it. The attackers fled with over $660,000 in jAssets. The team admitted that they made a mistake of reasoning, assuming that reentrancy they’ve seen in the past won’t affect the native ‘raw_call’ functionality of the Blockchain.
Developers offer reward to hacker
The developers made attempts to recover the funds. They reached out to the attacker in the hope that he would return the money. Then, they offered a bug bounty in return. So far, there are no updates on whether the attacker is responding or not.
To the attacker that hit our protocol last night: we've sent a message asking to discuss with us and @Jarvis_Network a bounty on the exploit. If you do see this, please get in touch!https://t.co/EbSDtjBIh1
— Midas Capital (@MidasCapitalxyz) January 16, 2023
Meanwhile, the team looks for other ways to deal with losses. They are running internal processes to prevent a recurrence of the attack. It is stated that setting borrowing limits or applying a cooldown period for newly added collateral may limit the attack surface. The Midas Capital team states that it will focus on being careful when adding new collateral and will try to develop a risk assessment framework. It also plans to add more checks and balances.
Crypto community hopes 2023 will be better
cryptocoin.com As you follow, DeFi attacks continue to disturb the market. These have not decreased at all compared to last year. ImmuneFi announced that the losses suffered by the crypto and DeFi market in 2022 are worth $3.9 billion. He also stressed that there were 168 incidents. Only $204 million, or 5.2% of the total value, was recovered.
However, white-hat hackers contribute significantly to security. White hats prevented over $20 billion in hacking in 2022. Perhaps it will be possible for them to reduce the lost value in this 2023 year. Meanwhile, even the FBI stepped in and provided security tips to DeFi users.
