Wise Lending drained of $440K worth of crypto in a

Crypto FLASH IN LOAN 2024-01-13 37


Web3 lending app and yield aggregator Wise Lending was drained of 170 Ether (ETH), worth $440,000 at current prices, in an apparent exploit on Jan. 12, according to multiple security experts. The exploiter may have manipulated an oracle price through a flash loan in order to carry out the exploit.

Blockchain data shows that the attack took place at 07:29 pm UTC. The attacker used an unverified contract with an address ending in d82c to drain the funds. Multiple tokens were transferred into this contract, including $9,000 worth of USD Coin (USDC), $2,000 worth of Tether (USDT), $5,000 worth of DAI, 18.51 Wrapped Ether (WETH) ($47.694), and numerous Pendle Finance associated tokens.

Wise lending exploit transactions on January 12. Source: Etherscan.

The attacker borrowed 1,110 Lido Staked Ether (stETH) tokens ($2.9 million) from AAVE lending protocol as part of the exploit. Exploiters often use flash loans to manipulate oracle prices.

Related: What are flash loans in DeFi?

Pseudonymous blockchain security researcher Spreek alerted the crypto community about the attack on X, stating “Looks like Wise Lending exploited for ~170 eth.”

In a reply to their own post, Spreek speculated that the vulnerability may have been associated with a new Pendle Finance derivative token. Another security researcher, Officer’s Notes, shared the post, commenting “Another day, another exploit.” According to Officer’s Notes, the vulnerability may have been caused by a 7% swing in price between stETH and Ether (ETH) within a particular pool, which was in turn “b/c of AAVE v2 stETH flashloan.”

2024 just got started, but decentralized finance (DeFi) protocols have already lost at least $5 million through exploits. On Jan. 3, Radiant Capital was hit for over $4.5 million. The following day, liquidity manager Gamma Protocol lost over $400,000 in an exploit.

In 2023, over $1.8 billion was lost from crypto hacks, scams, and exploits, according to blockchain security platform Certik.