• Sat. Aug 19th, 2023

DeFi Rodeo Finance Hacked for $1.5 Million

Aug 6, 2023
DeFi Rodeo Finance Hacked for $1.5 Million
Marcel Bich

PeckShield, a blockchain security company, reported that the decentralized Rodeo Finance platform running on the Arbitrum network experienced a compromise due to manipulation of the oracle.

DeFi Hack: $1.5M Loss, Manipulated Oracle, and Unsettled Funds

Approximately $1.5 million, equivalent to 810 Ether (ETH), was lost by the decentralized financial platform (DeFi) as a result of the hack. The attacker transferred the funds from the Arbitrum network to Ethereum network after trading the tokens for different ones. The stolen ETH was then added to a staking platform, and to cover their tracks, the hacker utilized the Tornado Cash cryptocurrency mixer.

Exploiting the time-weighted average price oracle used by DeFi protocols to calculate the average price of assets over time and reduce market volatility, the hacker manipulated the system.

The attacker’s wallet address still holds over 374 ETH, which has been identified by Etherscan as linked to the Rodeo vulnerability. Following the attack, the total blocked value (TVL) of the DeFi protocol, which previously amounted to $20 million, plummeted to below $500.

An investigation into the Multichain project revealed significant cash outflows totaling around $126 million, with an additional $117 million taken by unidentified individuals. The unusual asset outflow affected various networks, including Avalanche, Polygon, Optimism, and Fantom, all of which had funds transferred to the same address. The attacker has yet to move or sell the assets, nor have they been transferred to a cryptocurrency mixer.

In the first half of 2023, cryptocurrency losses due to fraud, hacking, and theft amounted to approximately $656 million. Although this is a decrease compared to the previous year, where losses surpassed $1.9 billion, analysts estimate that hackers managed to recover around $215 million or 45.5% of the stolen funds from direct attacks.