Hacktober Strikes Again: Polygon’s QuickSwap Loses $220k
Polygon’s popular decentralized exchange QuickSwap has been hit by a flash loan attack, resulting losses amounting to $220,000.
Flash Loan Attack Siphons Off Funds
On Monday, hackers targeted the popular decentralized exchange (DEX) in a flash loan attack and siphoned away crypto assets worth $220,000. The incident was disclosed by the QuickSwap team which took to Twitter to reveal the details of the attack. The team has also shut down its lending protocol, QuickSwap Lend in order to mitigate the damages wreaked by the attack. The team also revealed that its Market XYZ lending market was the only platform affected by the exploit and that all user funds are safe. The QuickSwap team also revealed that the siphoned off funds for the Market XYZ were provided by the Qi DAO protocol.
“QiDaoProtocol provided the seed funds for this market. No user funds were compromised. We are encouraging users with funds deposited in Market xyz’s open markets on QuickSwap to withdraw them now, as we are in the process of closing them down QuickSwap. QuickSwap is strongly encouraging Market xyz to fully compensate Qi Dao for their losses.”
Mechanics Of The Hack
By definition, flash loans allow crypto users to borrow loans from DeFi platforms without having to provide a collateral. Therefore, the QuickSwap flash loan attack did not affect any of the user funds. However, they are more prone to exploits in cases such as this, where a highly capitalized bad actor manipulated the price of an asset by taking out heavy loans and then quickly sold back the borrowed capital for a sizeable profit. Furthermore, since the QuickSwap DEX requires no sign-ups (unlike a centralized exchange), malicious actors can easily participate and conduct such exploits. According to blockchain security firm PeckShield, the hackers have resorted to hiding the funds with the help of sanctioned crypto mixer tool, Tornado Cash.
Hacktober Wreaking Havoc
There have been numerous attacks on lending platforms and other DeFi protocols in 2022. The attackers seem to have amped up their efforts, particularly in October, which is now referred to as “Hacktober” because of the scale of such attacks. There was the $117 million hack of the Mango Markets lending platform. It was soon followed by the Moola Markets, BitKeep Wallet, and Olympus DAO hacks. In the case of both Mango Markets and Moola Market, the attackers returned most of the funds after retaining a bug bounty.