No one is safe: Ethereum DeFi protocol by PayPal co-founder exploited for $7.5m

Published on by Cryptoslate | Published on

Today, an up-and-coming DeFi protocol built on Ethereum by prominent Silicon Valley developers such as Yu Pan, a founding member of PayPal and the earliest Youtube employee, was attacked with a flash loan.

This is the fifth flash loan attack of the past three weeks, making it clear that this is an issue that all Ethereum users should be aware of.

OriginUSD hacked for $7.5 million in ETH and DAI. On Monday evening, a suspicious transaction was spotted by many users on Twitter.

At first, few knew what had happened: this unknown user had withdrawn 70,000 ETH from dYdX, an Ethereum decentralized exchange, as a flash loan, then used those funds to withdraw millions in stablecoins.

Some thought it was a normal arbitrage, but I suggested it was a flash loan exploit on a yield aggregator protocol.

The reason why I thought so was that the account affiliated with this suspicious transaction had sent millions worth of DAI and Ethereum from the flash loan transaction to his own address, implying that he made a profit.

According to them, what had happened was a "Reentrancy bug." A reentrancy bug is an infamous type of Ethereum smart contract exploit that basically allows someone to pretend they deposited a coin without actually depositing that coin.

We covered many of these attacks, including the one that took place just last week on Akropolis, and another that took place this weekend on Value DeFi.

You might also enjoy.... Another day, another hack: $2m in DAI drained from Ethereum DeFi app Akropolis Nick Chong 2 years ago 2 min read. How $150m in Ethereum & DAI was used to steal $7m from a Yearn.

Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.