On December 18th, Decentralized Finance (DeFi) lending protocol Warp Finance, underwent a massive flash loan attack where it lost nearly $8 million worth of stablecoins to the attackers. The attackers were able to get away with 3.85 million DAI and 3.92 million USDC in the Warp contracts.
However, not all hope is lost as over the weekend following the attack, Warp finance announced that it was able to recover parts of the stolen funds in the form of ETH/DAI LP tokens, i.e., Uniswap liquidity provider tokens consisting of ether and DAI deposits.
As mention earlier, the funds were originally lost in DAI and USDC stablecoins, hence, Warp Finance noted:
“The reason we have chosen to return LP tokens instead of stablecoins is that these are the tokens we’ve been able to recover.”
As a part of Warp’s reimbursement plans, the recovered funds are expected to be distributed sometime late Sunday night Eastern Time (early morning UTC) to affected users in amounts proportional to the amount of W-USDC and W-DAI they held at the time of the attack.
Warp has revealed that it expects to make all affected users whole and hence, will be issuing portal IOU tokens for every affected user, potentially allowing users to report a profit above what they had on the deposit at the time of the attack. Those IOU tokens are set to be distributed in the “coming days,” Warp Finance said.
The DeFi protocol did not reveal details on how these lost funds were recovered, but Warp had notified last week:
“The team has a plan to recover approximately $5.5m that is still secured in the collateral vault. Upon successful recovery, these will be distributed to users who experienced a loss.”
A common occurance
Last Friday, attackers used multiple “flash swaps” to three liquidity pools on decentralized exchange Uniswap, one for every Wrapped BTC, USDC, and USDT, along with two loans from crypto trading platform dYdX involving Ether and DAI. The attackers managed to get away with $7.7 million worth of funds.
These types of attacks are quite common in the DeFi space and there have multiple incidents of this sort. The attack basically involves borrowing collateral and returning it in a single transaction after using it to manipulate the price.