In the latest rounds of attack on DeFi (Decentralized Finance), FinNexus Options Protocol and DeFi platform lost close to $8 million. DeFi experts say the attack was either executed via stolen admin keys or a rug pull. In the attack, FinNexus lost more than 383 million FNX tokens pushing the price of the token to plummet by at least 90%.
Anonymous hackers once again pulled an attack on a De-Fi platform siphoning more than $7.6 million of funds. The hack targeted DeFi platform FinNexus who reportedly warned its clients in a tweet in the evening of Monday 17th May 2021. The platform said the FinNexus erc20 contract appears to have been hacked.
We regret to inform our traders and investors that the FinNexus erc20 contract appears to have been hacked.— FinNexus (@fin_nexus) May 17, 2021
For safety reasons please withdraw your funds from the pools.
The team is working on this issue and we will provide updates as they become available.
It is not yet known whether the hack was an inside job by an employee of FinNexus or by an anonymous hacker. Customers of the platform demanded to know on Twitter how FinNexus kept its admin security keys before the hack. Investigation into the hack is still ongoing by both individual security investigators and government securities.
A research analyst later revealed that the FinNexus token owner was intentionally changed to addresses in the Ethereum Network and a Binance smart chain. Several researchers who later commented on the Tweet concluded that the hack was either executed by stolen admin keys on a rug pull.
FinNexus (FNX) contract deployer changed the token owner to some address on Ethereum and BSC.— Igor Igamberdiev (@FrankResearcher) May 17, 2021
This address minted:
- 323M FNX ($6M) on Ethereum
- 60M FNX ($1.6M) on BSC
and started dumping tokens.
Rug pull or StOlEn PrIvAtE kEy? pic.twitter.com/yuYe9yM0WM
According to reports, a total of $285 million has been lost in hacks involving DeFi platforms since 2019. The most popular attacks on the DeFi system are flash loan attacks. In this attack, hackers would borrow hundreds of thousands or millions of dollars from the platform. The attacker basically only takes a profit from the illegally obtained loan.
In 2020 hackers managed to steal a total of $120 million in DeFi attacks on several bundles of platforms. Usually, hackers would disappear with these funds untraceable or sometimes a small percentage of the funds are recovered. In April this year, another DeFi platform was hacked causing a loss of more than $80 million.
In a recent article on Nasdaq, U-Zyn Chua, CTO and Lead Researcher at DeFiChain discuss the security issue surrounding DeFi networks. This warns the monopoly dependents of DeFi platforms on the ethereum network carries a very high risk to the future of DeFi.