
Helio Oracle Attack Leads To $15 Million In Losses

@chekohler

In today's YIYL (You Invest, You Lose) we follow up on the aftermath of the Ankr hack, because in the interconnected world of DeFi one vulnerability can have several dependencies and allow several protocols to be exploited in a daisy chain of dumb ideas and bad business models.

Yesterday I covered how attackers were able to take advantage of an exploit on the Ankr protocol to end up with around $5 million in USDC. In the process of securing a nice bit of retirement savings, they needed to mint quadrillions of a derivative token known as aBNBC, which had a market cap of around $55.5 million, but as the dumping began through infinite minting, it quickly crashed the buy-side order book.

What seems to be a torrid time for BNB-based protocols continued this week with Helio allowing a certain group to make off with a sizable bulk of their treasury.

Helio Protocol is a DINO protocol that allows users to do over-collateralized lending and liquid staking on the BNB chain. HAY is the protocol’s native stablecoin, over-collateralized by BNB and redeemable for US $1 worth of BNB. So basically it's a knock-off version of MakerDAO, if you are still wondering what they do.

Helio got too close to the sun

According to reports and tweets, an unknown group of attackers was able to drain some $15 million in liquidity from another BNB Chain-based staking platform called Helio after exploiting an oracle issue on the protocol, on-chain data shows.

The issue with the price oracle on the staking platform Helio allowed attackers to borrow 16,444,740 HAY, a stablecoin intended to be pegged to the US dollar. The attackers then swapped those HAY for around $15 million in the BUSD stablecoin.

Meanwhile, the HAY stable was dumped and depegged by 80%, trading as low as 20 cents on the dollar. It has slightly recovered since, but to nothing close to dollar parity.

How oracles enter the mix

Since blockchains are only databases, they need to get price feeds from external sources when they host tokens that are not native to the chain. To solve this problem, a duct-tape solution known as an oracle sends the price feeds to a smart contract, which then aggregates that value for the market makers using the token.

Oracles are third-party services that fetch data from outside sources to within a certain blockchain. Oracles are extensively used by decentralized finance (DeFi) protocols to ensure their lending, borrowing and other services are accurate.

Delays or breaks in the oracle feed, however, could mean the loss of funds as malicious traders take advantage of price differences. So even if your smart contract is perfect, which is impossible, the oracle feed or fallback feeds can always be corrupted, because they aren't stored in something immutable: they are a live price feed from centralised servers that can be co-opted.
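To make the stale-feed risk concrete, here is an added example (not code from this post or from Helio) of a fail-closed price check in front of an over-collateralized borrow limit. The names, the thresholds, the second reference feed and all the numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MAX_AGE_S = 300          # assumption: reject readings older than 5 minutes
MAX_DEVIATION = 0.05     # assumption: reject if the feeds disagree by more than 5%
COLLATERAL_RATIO = 1.5   # assumption: $1.50 of collateral per $1 borrowed

@dataclass(frozen=True)
class Reading:
    price_usd: float     # price reported by the feed
    updated_at: int      # unix time of the feed's last update

class OracleRejected(Exception):
    """Raised when no trustworthy price is available."""

def checked_price(primary: Reading, secondary: Reading, now: int) -> float:
    """Return a price usable for collateral valuation, or raise."""
    for name, r in (("primary", primary), ("secondary", secondary)):
        if r.price_usd <= 0:
            raise OracleRejected(f"{name} feed returned a non-positive price")
        if now - r.updated_at > MAX_AGE_S:
            raise OracleRejected(f"{name} feed is stale ({now - r.updated_at}s old)")
    low, high = sorted((primary.price_usd, secondary.price_usd))
    if (high - low) / high > MAX_DEVIATION:
        raise OracleRejected("feeds disagree beyond tolerance")
    return low  # value collateral at the more conservative of the two prices

def max_borrow(collateral_units: float, price_usd: float) -> float:
    """Stablecoin amount that can be borrowed against the collateral."""
    return collateral_units * price_usd / COLLATERAL_RATIO

def borrow_limit(units: float, primary: Reading, secondary: Reading, now: int) -> float:
    """Fail closed: no valid price means no new debt."""
    try:
        return max_borrow(units, checked_price(primary, secondary, now))
    except OracleRejected:
        return 0.0

# Constructed scenario: the market price collapsed, the primary feed did not follow.
NOW = 1_700_000_000
stale = Reading(price_usd=300.0, updated_at=NOW - 6 * 3600)
market = Reading(price_usd=1.5, updated_at=NOW - 30)
unguarded = max_borrow(1000, stale.price_usd)     # trusts the old price
guarded = borrow_limit(1000, stale, market, NOW)  # refuses to lend
```

Without the check, the old price values the collateral at far more than it can be sold for; with it, borrowing stops until the feeds are fresh and agree again.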

https://twitter.com/BlockSecTeam/status/1598625878455373824

Making hay while the sun shines

The HAY staking pool continues to hold some $19 million in locked funds, with developers stating that staked funds are SAFU, like everyone else would in this situation.

Helio said in a separate tweet that it was working to mitigate the ongoing situation and asked users to avoid transacting in HAY.

https://twitter.com/Helio_Money/status/1598652898040160256

If you didn't already learn from the UST blow-up or the other smaller stablecoins that blew up or that 50% of MakerDAO is backed by USDC then I don't know what to tell you, but Algo stablecoins are never going to be a thing and people need to accept that.

Those that don't will simply have to pay the price for it and that's alright with me, that's how financial markets should work, if you have a dumb thesis your money should be taken away from you and you should learn a lesson in humility.


Have your say

What do you good people of HIVE think?

So have at it my Jessies! If you don't have something to comment, "I am a Jessie."

Let's connect

If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase
