DeFi Savings protocol Akropolis revealed on Nov. 12 that it had been subject to a flash loan attack, losing over $2 million as a result.
- The Akropolis team noticed at 14:36 GMT on Nov. 12 that $2 million in DAI had been siphoned out of a Curve and sUSD pool; the attacker(s) have already transferred funds out of the wallet
- All stablecoin pools have been paused until further investigation and has also informed exchanges
- The team is looking at ways to reimburse users who have been affected by the wallet, but “in a way that is sustainable to the project”
- The pool had been audited by two independent firms, but the contractors were not aware of this attack vector
- Hackers have been exploiting flash loans to hit DeFi protocols; one of the biggest in recent months was the $24 million Harvest Finance hack
- The bZx protocol has also suffered from a $350,000 flash loan attack -- one of three hacks it has experienced in 2020