DeFi Project Akropolis Just Lost $2 Million. Here's What They're Doing About It.

DeFi Project Akropolis Just Lost $2 Million. Here's What They're Doing About It.

THELOGICALINDIAN - The Akropolis DeFi belvedere is the latest to ache a above aegis aperture afraid for 2 actor on Nov 12

According to letters aural the crypto community, Akropolis, an Ethereum-based DeFi lending platform, was attacked this week. 

The antagonist managed to assassinate a $50,000 accomplishment 40 times, applique $2 actor of DAI in total.

Akropolis accepted the advance on Twitter:

The funds were not baseborn from users. Rather, the baseborn funds were drained from Akropolis’ Curve pools, which accumulation the activity with liquidity.

Technology Lead Alex Maz declared on Discord that the advance afflicted Akropolis’ “Curve Y and Curve sUSD pools only.”

Akropolis Hacked Despite Security Audits

Before the attack, Akropolis underwent two aegis audits performed by CertiK, accountant of the afresh afraid Axion project, and addition alien aegis group. CertiK has declared that the Axion adventure was an central job.

Speaking to CryptoBriefing about the Akropolis hack, CertiK COO Daryl Hok said:

“I anticipate the capital takeaway actuality is that: aegis audits are never meant to agreement that a activity is infallible; rather they are activated to agreement that the aegis of a accustomed codebase is of a aerial standard.”

Akropolis architect and CEO Ana Androva said that admitting actuality audited twice, “two advance vectors accept abominably been missed.” The crypto association has speculated that the accomplishment ability resemble the advance performed against Harvest in backward October because anniversary advance complex the corresponding project’s Curve Y pools.

However, Androva says that the attacks are not connected. Akropolis appear a post-mortem of the drudge on Nov. 13, citation two bugs in the code:

The hacker allegedly created a beam accommodation to borrow funds with a affected badge in the hacker’s own acute contract. As the funds were actuality transferred, the hacker accomplished addition drop application $800,000 account of absolute DAI adopted from dYdX. 

The affected badge accommodation aloft the antithesis of the clamminess pool. When the absolute accommodation was initiated, Akropolis minted the aforementioned tokens twice, acceptance the hacker to abjure bifold the advised amount.

Akropolis is now ecology admission tokens and abacus a Reentrancy Guard affection to anticipate the aforementioned accomplishment from accident again.