About $25 million were exploited from DeFi Protocol Popsicle Finance due to a simple bug but advanced hacker attack.
The latest hacker raid has caused tremendous losses for the crypto project, as news of the heist was disclosed by none other than Mudit Gupta. In a Twitter feed, Gupta explained how more than 10 protocols have suffered the same attack even though he had pointed out the error in another protocol.
In June, I reported the same bug in WildCredit https://t.co/ONTC6u4WdL. This bug has been exploited in like a dozen other protocols already.
Auditors and Smart contract devs need to keep up with the ecosystem. This code should not have made it to production.
— Mudit Gupta (@Mudit__Gupta) August 4, 2021
Sorbetto Fragola has been the product to be attacked by hackers, as part of the decentralized finance protocol product range that enables users to systematize yield on their digital assets.
As Uniswap pays a usual but adjustable 0.3% trading fee as proceeds for generated trades to liquidity providers, they can now establish precise pricing criteria within which they’d like to add liquidity in the latest version of Uniswap. As such, users are motivated to make a liquidity provision as precise as possible in order to avoid price slipping by withdrawing from pools and simultaneously gaining more on liquidity provisions.
Sorbetto Fragola is a superior product in reducing the hassle of the users on their attempts at optimization. Fragola positions digital assets to the most profitable liquidity pools if the operator deposits its digital assets onto the product for a slight fee. Nonetheless, the effortlessness of it all does seem too good to be true. In that respect, users lost as much as north of 40% of their portfolios as a result of the hack, including ICE token which clashed by a staggering 26%.
As a precautionary measure, users with assets from EURt, ETH/LINK, ETH/AXS, and ETH/SLP have been advised to remove them quickly for the time being. It so seems that these vicious exploits are yet to occur in decentralized finance.
We are aware of the current exploit to Fragola. We will investigate and publish post mortem.
The other Popsicle Finance's contracts have not been exploited.
If you still have funds in the ETH/AXS, ETH/SLP, ETH/LINK or any EURt Pool please remove them immediately.
— Popsicle Finance (@PopsicleFinance) August 4, 2021