Exactly protocol became the latest victim of an exploitation on August 18th, resulting in a substantial loss of funds. The breach not only led to a considerable drop in the platform’s total value locked (TVL) but also had a negative impact on its recently introduced native token, EXA.
Exactly Protocol is a decentralized, open-source platform creating an independent interest rate market for borrowers and lenders. It sets rates based on credit supply and demand, enabling seamless exchange of cryptocurrency asset value over time.
Besides variable rates, users can access fixed rates from Fixed Rate Pools linked to maturity dates, determined by credit utilization.
Exactly Protocol, initiated in July 2021, launched on Ethereum Mainnet in November 2022 and on Optimism in March 2023. The team comprises experts in software, economics, finance, and mathematics.
Funding was sourced from capital partners invested in Web2 and Web3 ecosystems, including Kazsek, BairesDAO, NXTP, Kain Warwick, Esteban Ordano, Matias Woloski, and Daedalus, among others.
The attack was discovered by DeDotFi Security, a Web3 based cybersecurity firm who posted on X. “@exactlyprotocol is facing an ongoing attack on the Optimism network, the exploited amount has exceeded $7.2 million. We advise users to take action to secure your assets.”
Following DeDotFi’s initial disclosure of a $7.2 million exploit, the reported amount was subsequently revised to over $12 million, encompassing more than 7,000 ETH. However, subsequent analysis led to the figure being adjusted back to $7.2 million.
Further, details of the hack revealed that it involves “funding an exploiter contract on Ethereum, transferring deposits to Optimism, and ultimately bridging stolen funds back to Ethereum.”
Exactly Protocol was forced to halt its operations temporarily due to the breach. The breach had a significant impact on Exactly Protocol’s total value locked (TVL), causing it to plummet from $37 million to $11.74 million following the incident. This represents a substantial decline of nearly 70% and highlights the vulnerability of DeFi projects to security threats.
The incident adds to the growing list of security breaches across the DeFi sector. Just this month, Solana-based DEX Cypher Protocol also fell victim to a hack, resulting in the exploitation of approximately $1 million in crypto assets.
While some projects managed to recover stolen funds with the help of centralized exchanges and investigators, the DeFi space remains susceptible to various forms of exploitation.