News
QuickSwap shutdown it’s lending service; see why
Polygon-based DeFi platform Quickswap has closed its lending service to users. The decision was made after a flash loan exploit was recorded for over $200,000 worth of tokens.
Reports showed the attackers exploited the system by borrowing funds using a flash loan, a form of unsecured lending. After this, the attackers used inflated values to drain all the liquidity from the affected Quickswap pool. Stolen tokens, including MATIC, were exchanged for other tokens on Tornado Cash.
Quickswap made the announcement with a Tweet from its official Twitter account, and warned users of the attack, which was aimed at the vulnerability of the Curve Oracle,
Flash Loans are a feature provided by DeFI platforms and do not necessitate collateral from the borrower as long as the loan is paid back in the same transaction.
Originally, the DeFi platform had pinned the vulnerability on the Market XYZ protocol, which it said, used a faulty Oracle from DeFi protocol curve and Stable issuer QiDao. However, QiDao has said the vulnerability is unrelated to their smart contracts.
Oracles are protocols that search data from external sources and feed the information to different blockchains in need of them. While Quickswap said it would release an updated report, none has been released as of the time of writing.
Blockchain Security firm, PeckShield released a report of the exploit sometime later, reporting how the attackers used Tornado cash to hide the origin of the funds, according to Etherscan data
Looks like @QuickswapDEX @market_xyz @QiDaoProtocol was exploited on polygon againhttps://t.co/EFdEufZe2y pic.twitter.com/Ejg2NiUKjQ
— PeckShield Inc. (@peckshield) October 24, 2022
Quickswapo is a fork of Uniswap, one of the leading AMM DEXes in the crypto space but unlike Uniswap, Quickswap does not run on Ethereum, but on Polygon. This attack has been one of many in the month of October alone.
Read also
What do you think of his article? Share your comments below.
