Arbitrum-based decentralized finance (DeFi) protocol Rodeo Finance was exploited for $1.53 million on July 11. The exploiter used a code vulnerability in the protocol's oracle, leading to a loss of over 810 Ether (ETH).
According to data shared by blockchain analytics group PeckShield, the exploiter later bridged the stolen funds from Arbitrum to Ethereum and swapped 285 ETH for $unshETH. The exploiter then deposited the ETH on ETH2 staking. Finally, the exploiter routed the stolen ETH through the popular mixer service Tornado Cash, which exploiters often use as an exit route because these mixers help obscure a transaction's footprint.
However, it leaves an opening for exploiters to manipulate these oracles by artificially skewing the calculated average price of an asset. This allows them to gain the upper hand during a transaction and then exploit the protocol.
An exploiter first borrows a large sum of an asset and then artificially manipulates the price in order to buy the same asset at a deflated price. The exploiter later returns the loan and keeps a profit based on the artificially low price.
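The averaging weakness described above can be seen from the protocol's side in a short simulation. This is an added example, not Rodeo Finance's code (the article does not show its oracle): it computes a time-weighted average over constructed samples and adds a deviation check against an independent reference price. The names `twap`, `guarded_price`, `reference` and the 5% threshold are assumptions made for illustration.

```python
# Constructed (timestamp_seconds, spot_price) samples; not data from the incident.
HONEST = [(0, 1.00), (900, 1.01), (1800, 1.00), (2700, 0.99), (3600, 1.00)]
# Same history, followed by two samples taken while the spot price is being skewed.
SKEWED = HONEST + [(4500, 1.60), (5400, 1.62)]


def twap(observations, start, end):
    """Time-weighted average price over [start, end].

    Each sample's price counts for as long as it stayed in effect, i.e. until
    the next sample (or `end` for the last one). `start` must not precede the
    first sample.
    """
    if not observations or start < observations[0][0] or end <= start:
        raise ValueError("window is not covered by the observations")
    weighted = 0.0
    for i, (t, price) in enumerate(observations):
        nxt = observations[i + 1][0] if i + 1 < len(observations) else end
        lo, hi = max(t, start), min(nxt, end)
        if hi > lo:
            weighted += price * (hi - lo)
    return weighted / (end - start)


def guarded_price(observations, end, window, reference, max_deviation=0.05):
    """Return the TWAP only if it stays within max_deviation of `reference`.

    `reference` stands for a price from an independent source (assumption);
    a larger gap means one of the two feeds should not be trusted right now.
    """
    price = twap(observations, end - window, end)
    deviation = abs(price - reference) / reference
    if deviation > max_deviation:
        raise ValueError(f"oracle {price:.4f} is {deviation:.1%} off reference")
    return price


if __name__ == "__main__":
    print("short window:", round(twap(SKEWED, 3600, 6300), 4))
    print("long window: ", round(twap(SKEWED, 0, 6300), 4))
    try:
        guarded_price(SKEWED, end=6300, window=2700, reference=1.00)
    except ValueError as exc:
        print("rejected:", exc)
```

A longer averaging window dampens the skew but does not remove it, which is why the guard compares against a separate source instead of relying on the window length alone.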
The exploiter's wallet address still holds over 374 ETH, and Etherscan has marked the address as linked to the Rodeo exploit. The DeFi protocol had $20 million in total value locked (TVL), which has fallen below $500 after the exploit.