Key Takeaways
- Solend, another Solana DeFi protocol, has been exploited through a price oracle attack for $1.26 million.
- The attack follows last month’s Mango Markets exploit that saw $100 million stolen.
- Protocols letting users deposit illiquid tokens as collateral and low liquidity on Solana has made the attacks possible.
Share this article
Solana’s Mango Markets and Solend have both come under attack in recent weeks.
Solana DeFi Attacked Again
Another Solana DeFi protocol has been exploited.
Solend, a lending and borrowing protocol built on Solana, reported that an attacker drained $1.26 million of users’ funds Wednesday. The exploit was due to an oracle attack, meaning that an attacker manipulated the oracle prices of certain volatile assets to borrow protocol funds against them with a higher actual value.
Solend acknowledged the exploit on Twitter, revealing that three lending pools had been affected. “An oracle attack on USDH affecting the Stable, Coin98, and Kamino isolated pools was detected, resulting in $1.26M in bad debt,” the protocol tweeted.
The “bad debt” occurs when an attacker tricks a protocol’s price oracles into valuing collateral assets higher than they should be. This gives them “credit” to borrow funds from a protocol with a higher actual value than their inflated collateral. In this instance, the attacker borrowed USDH stablecoin funds with no intention of paying them back, resulting in a net $1.26 million loss for the protocol.
Shortly after the attack, fellow Solana DeFi protocol SolBlaze announced it had discovered one of the attacker’s pseudonymous identities. “We discovered a known contact for the hacker… and have been working closely with the Solend team over the past half hour to get them in touch with the hacker to reach a resolution,” it stated. It’s not yet clear if Solend will be able to reach a resolution with the attacker to protect users’ funds.
Today’s Solend exploit is not the first time oracle price manipulation has been used to attack DeFi protocols on Solana. Last month, the decentralized trading platform Mango Markets was exploited for over $100 million when an attacker pumped up the price of the protocol’s native MNGO token. Doing so allowed the attacker to take out a series of large loans from several token pools, effectively draining the protocol of its liquidity.
Avraham Eisenberg, a self-described “applied game theorist” based out of New York, later
Click Here to Read the Full Original Article at Analysis Updates – Crypto Briefing…