WOOFi reported a loss of $8.75 million, offering a 10% bonus to return
WOOFi, a decentralized finance platform, experienced an exploit on March 5 that targeted its exchange feature on the Arbittrum network. The incident resulted in a loss of approximately $8.75 million in crypto assets.
The platform said it has initiated efforts to recover these funds and has offered a 10% WhiteHat bonus to the exploiter. Additionally, a reward has been offered at Arkham Intelligence for anyone providing additional information.
WOFi exploitation
According to a post-mortem report, the SPMM algorithm that controls pricing on WOFi Swaps was used on Arbitrum. The attack involves a series of flash loans that take low liquidity to control the price of WOO, allowing the exploiter to pay off the loan at a discounted rate.
The exploiter borrowed about 7.7 million WOO and other assets, selling the tokens on WOFi. This action caused WOOFi's sPMM to fix WOO at an extremely low price, allowing the exploiter to exchange 10 million WOO cost-free in the same transaction.
The exploiter repeated this attack three times in a short period of time, resulting in a profit of approximately $8.75 million after paying off the Flash loans.
WOOFi states that the SPMM in its second edition is designed to control drift and balance pools by taking into account the business values of users.
However, the crash resulted in a wide deviation from the expected range (0.00000009), and the return check, normally performed on Chainlink, did not include the value of the WOO token.
A conservative listing strategy pays off
WOOFi also said its SPMM has been risk-free since its launch in 2021, largely due to its “conservative approach” to listing new assets. The platform's strict specification process has reached a point where it cannot be exploited by major assets like ETH.
However, with the recent introduction of a WOO credit market on arbitrage, the relatively limited supply of WOO tokens combined with the support on the network has made exploitation economically viable.
While WOOFi Swap operates on more than ten networks, none other than Arbitrum has demonstrated both the WOO token and WOO credit markets, effectively preventing similar exploits from occurring on alternate networks.
Meanwhile, according to a recent report by Certike, the crypto sector lost around $160 million to exploiters, hacks and scams in February. These numbers showed a slight decrease compared to January, despite an increase in inflation. Of those losses, the flash loan accounted for just $138,000.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off your first month of Binance Futures (terms).