After a round of critical strikes, Flash Loan seems to have suspended the attack. Recently, there has been no hearing of large-scale flash loan attacks.
There are two possibilities for this situation. One is that the recent hot projects and the projects that have been attacked before have worked hard on security, and the other is that hackers have recently been planning other attacks.
For this function, is it good or bad?
Let’s first look at the origin of flash loans and what it can do.
In reality, the most commonly used financial products are wealth management and loans. Wealth management involves regular deposits in banks and various financial platforms to obtain interest. The evaluation of loan quotas is determined by credit evaluation and asset mortgage. .
Wealth management is replaced by liquidity mining in decentralized finance, and lending has not had a good solution before the outbreak of DeFi, until the emergence of lightning loans, it is also considered to be one of DeFi’s greatest innovations.
Flash Loan was first proposed by the Marble Agreement in 2018. At that time, the developer’s idea was to complete a zero-risk loan through smart contracts. The smart contract platform processes the transaction at once. If the borrower cannot repay the loan, the entire transaction will roll back, just as if the loan did not happen at all.
The focus is on the feature of blockchain transaction rollback. The user initiates a transaction with the contract, and the contract lends the user a sum of money, and then the same user repays the loaned amount and the corresponding interest in this transaction. If not, the transaction will be judged not to take effect and then rolled back, and there will be no transfer of loans. This is totally unthinkable in traditional terms, because borrowing requires neither credit nor collateral.
Most speculators use flash loans to buy coins in one DEX with a lower price, and then sell them at a higher price in another DEX to get the difference.
However, flash loans are prone to security incidents if they are used in exchanges with insufficient safety factors and large funds are used. This is also the main reason for the recent flash loan attacks in many projects.
Take the hacker borrowing ETH lightning loan as an example, the attack steps are as follows:
1. The attacker borrows a large amount of ETH from the lightning loan platform, and then puts the ETH on a DeFi platform for liquidity mining (the platform has been developed by hackers in advance and has technical design loopholes).
2. Hackers control prices and use certain design loopholes to control the judgment of the system.
3. At this time, the tokens of the DeFi project have risen, and the hackers exchanged the tokens of the DeFi project for ETH to complete the entire process.
4. If you repeat the operation, you can get huge returns, and you can get back the excess assets in the contract or sell them on the DEX.
5. After all the processes are completed, the attacker takes a portion of the money to return the money borrowed in the flash loan.
The recent news of large flash loans include:
On October 26th, the Harvest Finance project was attacked by a flash loan, and the loss was approximately US$24 million.
On November 12, the DeFi lending agreement Akropolis was attacked by cyber hackers using lightning loans, causing a loss of US$2 million.
On November 14, the Value DeFi protocol was hacked and $7.4 million in DAI was stolen, and then $2 million was returned.
On November 17, Cheese Bank, an Ethereum-based DeFi platform, suffered a loss of $3.3 million due to a hack.
On November 17, the Origin Protocol stablecoin OUSD was attacked by lightning loans, resulting in a total loss of USD 2.25 million in DAI and USD 1 million in ETH.
In this way, the hackers played with some vulnerable projects, and afterwards they flamboyantly left a string of text on the project to inform the project that there was a problem.
However, I think the operation of lightning loan is very beneficial. Even under the situation of frequent hacking, it itself better migrates the actual loan to the chain and provides better solution.
Through attacks, projects can pay attention to security issues. At this time, another aspect of finance-insurance will play an important role. After the outbreak of Cover, more projects will emerge on this track. Help projects and users protect the safety of funds.
DeFi has more and more Lego blocks. Lightning loans are just a tipping point. In the future, “contract is law” will be perceived by more people.
Comments
Post a Comment