Arbitrum DEX Fell Victim to Hacks

WOOFi, a decentralized exchange running on the Arbitrum [ARB] network, became the target of malicious attackers and faced a short-term loan mining attack, with the value increasing to $8 million.

WOOFi gets attacked

In this context, flash loan exploitation has become a popular attack tactic in the decentralized finance (DeFi) sector. This tactic allows attackers to take advantage of the unique characteristics of payday loans to dominate the financial system.

Flash loan protocols allow users to borrow large amounts of money without collateral, on the condition that the amount is returned within the same block of transactions. Once the borrowed money is in place, an attacker can use it to manipulate prices or take advantage of vulnerabilities in decentralized protocols, such as decentralized exchanges or lending platforms. Their goal is to create temporary market imbalances, manipulate prices or exploit vulnerabilities to profitably withdraw money.

Source: X

During their investigation of the attack, researchers discovered that the hacker took advantage of one of the oracles on the Arbitrum network, specifically affecting the WOOFi WooPPV2 contract. The attacker deployed a contained flash loan attack to interfere with the price of the WOO token. Notably, they made loan repayments amid a decline in the price of the underlying asset.

After receiving initial warnings from Twitter administrators like Spreek and PeckShield, the Woo project team immediately halted all activities and began a thorough investigation. To date, the attacker has managed to withdraw funds worth approximately 2,000 ETH.

Malicious attackers get to work

Source: Santiment

Although the DEX investigation is continuing, the Woo project has assured the community that there is no immediate risk to assets in Earn vaults, WOOFi shares, or other WOO contracts.

Related: Arbitrum Foundation Funds Crypto Film

Despite facing financial difficulties, WOOFi now has to contend with other malicious actors trying to exploit unsuspecting WOO users on the X network. After just two hours of the attack, the WOOFi team issued an alert, informing users about a fake account on X, pretending to be the official handle of the project.

Sentiment on the Arbitrum[ARB] network, where the attack took place, remains neutral. The price of the ARB token, relative to the network, does not fluctuate significantly.