An unknown attacker has withdrawn 810.1 ETH (about $1.5 million) from DeFi protocol Rodeo Finance on the Arbitrum network via oracle manipulation.
PeckShield analysts have reported that after the attack, the hacker sent the stolen assets to the Ethereum network and then exchanged them for unshETH to transfer funds to the staking service Ankr. Subsequently, he laundered the crypto through the Tornado Cash mixer.
Representatives of Rodeo Finance have not yet officially responded to the incident.
Igor Igamberdiev, head of research at Wintermute, has said the attack was carried out through "manipulation of the TWAP oracle."
According to him, the hacker artificially distorted the average price of the asset to gain an undue advantage during transactions.
Igamberdiev has specified the attacker probably borrowed a large amount, devalued the asset using an exploit and then bought even more coins at an artificially low price.