PeckShield analysts have published details about the attack to the DeFi project Cheese Bank that took place on November 6. They claim they noticed the attack while they were studying malicious actions perpetrated through flash loans in the Ethereum blockchain.
Cheese Bank presents itself as an autonomous, decentralized digital bank based on ETH. The attack was carried out exploiting a bug in the way to measure asset price from an AMM-based oracle. As a result, the hackers have stolen $3.3M from the platform in the stablecoins USDC, USDT and DAI. PeckShield experts said:
"In the string of attacks, we have seen malicious actors use flashloans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens so they can artificially manipulate the price of a specific token on a single exchange."
During the attack, the hacker received a flash loan of 21,000 ETHs from dYdX, then swapped 50 ETHs to 107K CHEESE at Uniswap. As a result, he received tokens to provide as collateral at Cheese Bank. Subsequently, the attacker acquired a large amount of Cheese for 20,000 ETHs at Uniswap, manipulating the price of the token, which has allowed him to withdraw all assets from the USDC, USDT and DAI pools. PeckShield claims:
"Since AMM-based oracles (e.g., Uniswap, Curve) are often the target behind many recent hacks, we suggest to exercise extra care when referencing them as oracle prices as they can be easily manipulated."
At the same time, Cheese Bank's developers assure the bug that made the attack possible has already been fixed, however, some features of the platform are still not available due to the associated risks.
If you are looking for a crypto trading platform to trade your assets, visit Gozo.pro, a safe and reliable exchange.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.