The multi-chain protocol for optimizing profitability in OneRing Finance stablecoins has been hacked. The hacker withdrew $ 1.45 million through the use of an instant loan, the losses of the project amounted to about $ 2 million.
To perform the exploit, the attacker placed a special smart contract on the Fantom platform. Since the script was configured to self-destruct, it is almost impossible to determine which vulnerabilities were exploited, the project team noted. To get at least some information, she works with node providers.
“This only tells us that the hacker is a professional, and since we were the only hacked protocol, the attack was carefully planned,” the statement said.
PeckShield specialists tracked the main steps of the incident.
After deploying the smart contract, the attacker borrowed 80 million USDC through an instant loan, which he used to manipulate the price of the OShare token in the liquidity pool.
After repayment of the loan, its profit amounted to $1,454,672. Another $500,000 was lost due to swap fees and loan payments. In total, the losses of the protocol amounted to almost $ 2 million.
The hacker transferred the stolen funds from Fantom to Ethereum and immediately sent them to the Tornado Cash mixer. Through the same service, he replenished the newly created wallet that he used for the attack.
“This is as clean an address as possible, and the assets that are now disappearing in Tornado Cash limit our ability to contact exchanges and any parties to prevent the withdrawal of funds by a hacker,” the OneRing team noted.
The developers stressed that only the OShare liquidity pool on the Fantom platform was affected. The remaining funds are safe, but the project has suspended all operations with the repository.
OneRing assured that they are working on a compensation plan.
The protocol team offered the hacker 15% of the stolen funds plus 1 million native RING tokens for a refund, although they called such a development “unlikely”.
Against the background of hacking, the project’s coin quotes dropped from levels around $0.93 to near $0.82.
Data: DEX Screener.
Recall that in March, an unknown person attacked the Deus Finance DAO DeFi project with the help of instant loans and earned about $ 3 million. The attacker also hacked the Agave and Hundred Finance protocols, whose losses amounted to approximately $11 million.