Ola Finance has lost $3.6 million to an attack on its lending product on Fuse Network
Ola Finance was hacked on Fuse Network, one of the many blockchains on which it operates, with the attacker pocketing an estimated $3.6 million in various assets.
Ola Finance on Fuse Network suffers $3.6 million hack
The issue relates to a common issue known as a reentrancy bug, a smart contract vulnerability that allows hackers to make repeated calls to a protocol to steal assets. A few weeks ago, two DeFi protocols on Gnosis Chain – Hundred Finance and Agave – lost more than $11 million in customer funds in flash lending attacks due to reentrancy bugs.
Security firm PeckShield told The Block that the Ola Finance hackers started by first borrowing money using their collateral. Then, taking advantage of a security flaw in Ola’s smart contracts, the hacker removed the collateral without repaying the loan they borrowed. The perpetrator then repeated the same process on other Ola Finance groups for $3.6 million.
After withdrawing all the funds, the perpetrator transferred them from Fuse to other blockchains – BNB Chain and Ethereum – via Fuse’s cross-chain bridge. Of the total spoils, it is reported that the hacker holds $3 million on Ethereum and another $637,000 on BNB Chain.
Ola Finance said it was still investigating the incident and promised to release a report soon after an autopsy. Ola’s decentralized lending product on the Fuse Network remains paused for damage control. The project noted that its lending services on other blockchains were not affected by the incident.
- Ronin, An Ethereum-Linked Sidechain Developed By Axie Infinity, Has Confirmed A Major Security Breach
- 13 Malicious Apps Impersonating The Jaxx Liberty Wallet, Available On The Google Play Store