QuickSwap, a decentralized exchange (DEX) that sustained losses from a flash loan attack, is ending its lending pool.
An exploit of Market XYZ on the DeFi platform has resulted in the theft of $220,000 worth of tokens, according to the Polygon (MATIC) based DEX.
The QuickSwap Response to The Hack
A flaw in Curve Oracle, an automated market maker (AMM) that Market XYZ employed, caused the incident, according to the platform.
“QuickSwap Lend is closing⚠️. 🔗$220k was exploited in a flash loans attack due to a vulnerability with the Curve Oracle, which @marketxyz was using ☣ Only the Market XYZ lending market was compromised. QuickSwap’s contracts are unaffected,” said QuickSwap on their Twitter account.
According to QuickSwap, no user funds were affected by the hack, and the DEX’s contracts were not compromised.
The platform has terminated its support for Market XYZ and has pleaded with it to compensate stablecoin creator Qi Dao for its losses.
“We are encouraging users with funds deposited in Market xyz’s open markets on QuickSwap to withdraw them now, as we are in the process of closing them down,” the platform said.
How The Attack Worked
Security firm PeckShield says the attacker manipulated Curve Oracle's price feed and then borrowed from the market against the newly inflated price.
“It is a price manipulation issue. The miMATIC market uses CurvePoolOracle for price feed, which is manipulated to borrow funds from the market,” said PeckShield Inc.
— PeckShield Inc. (@peckshield) October 24, 2022
The vulnerability was reported earlier this month by blockchain security firm ChainSecurity, according to PeckShield.
“Note that this specific bug was recently disclosed by @chain_security on Oct 11,” they tweeted.
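The borrow-against-an-inflated-price pattern PeckShield describes, as an added Python model (not code from Market XYZ, Curve, or QuickSwap): a market that trusts the live price is compared with one that rejects a price straying from a recent average. The prices, the 75% collateral factor, the 5% tolerance, and all names are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal as D

class OracleDeviation(Exception):
    """Live price strays too far from the reference price."""

@dataclass
class GuardedOracle:
    window: int = 5               # past observations averaged (assumed)
    max_deviation: D = D("0.05")  # 5% tolerance (assumed policy value)

    def price(self, history, spot):
        # history holds prices recorded in earlier blocks. A flash loan is
        # repaid within one transaction, so it cannot alter these values.
        recent = history[-self.window:]
        reference = sum(recent) / len(recent)
        if abs(spot - reference) / reference > self.max_deviation:
            raise OracleDeviation(f"spot {spot} vs reference {reference}")
        return spot

COLLATERAL_FACTOR = D("0.75")     # constructed value

def naive_borrow_limit(units, spot):
    # Trusts whatever the pool reports at this instant.
    return units * spot * COLLATERAL_FACTOR

def guarded_borrow_limit(units, history, spot, oracle=None):
    # Refuses to price collateral when the live value looks manipulated.
    oracle = oracle or GuardedOracle()
    return units * oracle.price(history, spot) * COLLATERAL_FACTOR

def is_rejected(units, history, spot):
    try:
        guarded_borrow_limit(units, history, spot)
        return False
    except OracleDeviation:
        return True

# Constructed sample data: a stable price, then a manipulated reading.
HISTORY = [D("1.00"), D("1.01"), D("0.99"), D("1.00"), D("1.00")]
MANIPULATED_SPOT = D("3.00")
UNITS = D("100000")

if __name__ == "__main__":
    print("naive limit at manipulated price:",
          naive_borrow_limit(UNITS, MANIPULATED_SPOT))
    print("guarded market rejects it:",
          is_rejected(UNITS, HISTORY, MANIPULATED_SPOT))
```

The guard only helps if the reference comes from observations an attacker cannot move in the same transaction as the borrow.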
A number of large exploits have hit the DeFi space this month, including those of Olympus decentralized autonomous organization (DAO) and Mango Markets DAO.