Fortress Network, a DeFi lending protocol, was the target of a manipulation attempt on May 8th, draining almost all of its assets.
The stolen assets, as specified in the protocol’s release, included 1,048.1 Ether and 400,000 DAI.
Despite the fact that the heist was reported this month, there are indications it began much earlier. In fact, less than a week before the news became public, 19 days ago.
The assault was confirmed by Fortresses Network in a tweet soon after it took place. Following the disclosure, there was a cry for help in tracking down the culprit. The DeFi lending protocol stated that it was “utterly devastated” by the incident.
How Did It Happen?
In a lengthy Twitter thread, security firm CreditKAlert detailed how the thief carried out the theft.
The perpetrators, according to the report, purchased $FTS tokens with Ethereum, which they obtained by using Tornado Cash.
He purchased more than the required number of tokens, which allowed him to control the governance contract and pass a proposal (Proposal ID11). An action targeting the change of a credit contract’s collateral component.
It was simple for the attacker to acquire a large number of items from the loan contracts once that was completed. They then sent the money to Ethereum using Celer Network, which was followed by Tornado Cash cover-ups.
The attacker was meticulous in his planning. The intruder used the privacy technology provided by Tornado to execute his operations at both the start and end of his campaign. On Ethereum, the mixing method implemented in Tornado cash disrupts any link between the sender and receiver, providing a flawless defense.
The Binance Based protocol has tanked the local coin of its FTS, the Binance Based trading system, by 45% as a result of this event.
Attacks against the DeFi ecosystem are on the rise.
According to Peckfield, during the first six months of this year, DeFi platforms lost over $1.6 billion in cryptocurrency due to hacks. This is more than was stolen throughout all of 2021 combined.
Two high-profile assaults occurred in the previous two months. The Ronin network of Axie suffered the greatest loss, losing more than $600 million. Inverse Finance also lost a substantial amount of assets last month, totaling more than $15 million. Rari’s Fuse Protocol was hacked in a similar way as Inverse Finance was last month.
In the aftermath of the Fortress breach, Peckfield and Bloc Sec. security firms have claimed that Umbrella Network’s unpredictable price feed may have aided in the hack’s success. The DeFi oracle claims that an investigation is being conducted and that a hotfix has been sent to fix the problem.