Another day, another hack: $2m in DAI drained from Ethereum DeFi app Akropolis

Published on by Cryptoslate | Published on

To name one of the many recent exploits of DeFi contracts, Harvest Finance was hacked for $25-33 million in stablecoins due to a so-called "Flash loan attack." There was an economic logic flaw that Harvest's developers did not account for, allowing a technically-capable attacker to drain funds.

Today, around $2 million worth of MakerDAO's DAI stablecoin was drained from Akropolis.

Akropolis is a full-stack DeFi protocol that has a focus on allowing "Normies" to save and earn on their stablecoins.

Ethereum DeFi application Akropolis hacked for $2 million.

Early on Thursday, Ethereum analysts and users of Akropolis began to notice suspicious transactions involving Akropolis' savings product, called Delphi.

On-chain data indicated that DAI from Akropolis had been funneled into one address that was interacting with the protocol dozens of times per minute, suggesting something was afoot.

Over the span of twenty minutes, the attacker sent dozens of transactions to a number of Akropolis' Delphi savings pools, draining a sum of DAI from the pool total each time.

In all, 2,030,000 DAI had been withdrawn from Akropolis seemingly illicitly.

To keep it simple, the attacker used a flash loan from dYdX to trick the Akropolis smart contracts into thinking it deposited funds the attacker did not actually have.

Akropolis also responded to the attack, writing that they are reviewing the code and are looking for ways to reimburse users of the protocol that were affected.