Author: Qin Xiaofeng
If something goes wrong with a DeFi project, the loss can be covered by insurance. But what happens when the insurer itself is attacked?
On the evening of the 28th, the DeFi insurance project Cover Protocol was attacked, and the attackers minted COVER tokens essentially without limit (the block explorer later showed more than 40 quintillion in total supply). They dumped the tokens on DEXs such as SushiSwap and Uniswap, driving the price of COVER down more than 90% from about $800; at press time Uniswap quoted COVER at roughly $23.
After the incident, OKEx and Matcha suspended COVER deposits and withdrawals, and Binance suspended COVER trading.
According to OKLink data, the attack also caused a short-term drop in Cover Protocol's total value locked (TVL), which now stands at approximately US$31.12 million, a decline of 31.17%.
On November 28 this year, Cover Protocol merged with Yearn Finance (YFI). At press time, Banteg, a core developer of Yearn Finance, said they are investigating the issue.
1. Event review: unlimited minting through a contract vulnerability
At 18:00 this evening, reports emerged that Cover was suspected of having been hacked: roughly 10,000 COVER had been minted and swapped for assets such as WBTC and DAI.
Although unconfirmed, the news sent the price of COVER down about 50%, from $800 to roughly $370.
Many in the community dismissed it as a rumor and began buying the dip around $400. It did not take long, however, for users to notice the price of COVER collapsing on decentralized exchanges, Uniswap and SushiSwap above all. The price briefly touched the $20 line, close to zero and down more than 90% from the day's open.
The block explorer shows that the total supply of Cover Protocol's native token COVER has been inflated to 40,796,131,214,802,600,000 (about 4 × 10^19, effectively unlimited issuance), and that an address labeled Grap Finance minted these tokens and continues to sell them on DEXs.
Where did these counterfeit tokens come from?
Based on the information available, Odaily Planet Daily summarizes the attack as follows; it involved two waves of attackers:
- The first-wave attacker created a counterfeit token (1), supplied it to a Balancer pool to obtain BPT (2), staked that BPT in Cover's mining contract (3), then unstaked and claimed real COVER (4). Repeating this cycle, the attacker obtained more than 11,000 genuine COVER and cashed out.
- The attacker's address was created two days earlier with initial capital of about 200 ETH; it now holds more than 1,400 ETH and about US$1 million in other tokens. Etherscan has labeled the address CoverExploiter1 (Cover Exploiter 1).
- The second wave exploited a vulnerability in the Cover Protocol reward contract, dubbed the "unlimited mining bug", to mint tens of quintillions of COVER. Because the tokens came from the same contract as genuine COVER, trading platforms treated them as real, and the attackers cashed out in batches on Uniswap and other DEXs. According to DeFi developer @banteg, the attackers ultimately cashed out more than 4,374 ETH, about US$3.2 million.
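The article names the second-wave bug only as an "unlimited mining bug" in the reward contract and does not describe its mechanism. As an added illustration (a constructed model, not Cover Protocol's code, and the article does not establish whether this is the exact defect), the Python below models a MasterChef-style staking pool that mints reward tokens, together with one bug class that produces precisely this symptom: `deposit()` computes the miner's reward writeoff from a copy of the pool state taken before the accumulator was updated. A single staker who first shrinks the pool so the accumulator jumps, then re-stakes, is paid for the whole jump on the next withdrawal. The reward rate, block numbers and stake sizes in `run_scenario` are arbitrary.

```python
from fractions import Fraction


class RewardPool:
    """Minimal MasterChef-style staking pool that mints reward tokens.

    Constructed model, not the Cover Protocol contract. Rewards accrue at a
    fixed rate per block and are distributed through `acc_rewards_per_token`;
    each miner's `writeoff` records how much of that accumulator they have
    already been paid for, so pending = amount * acc - writeoff.
    """

    def __init__(self, rewards_per_block, stale_deposit_snapshot):
        self.rewards_per_block = rewards_per_block
        # True reproduces the bug class: deposit() works on a copy of the pool
        # state taken *before* update_pool() runs, so the writeoff is computed
        # from a stale accumulator. False is the corrected behaviour.
        self.stale_deposit_snapshot = stale_deposit_snapshot
        self.total_staked = 0
        self.acc_rewards_per_token = Fraction(0)
        self.last_updated = 0
        self.miners = {}   # address -> {"amount": int, "writeoff": Fraction}
        self.minted = 0    # reward tokens minted so far

    def update_pool(self, block):
        """Roll the accumulator forward to `block`."""
        if block > self.last_updated and self.total_staked > 0:
            rewards = (block - self.last_updated) * self.rewards_per_block
            self.acc_rewards_per_token += Fraction(rewards, self.total_staked)
        self.last_updated = block

    def _claim(self, miner, acc):
        """Mint whatever the miner is owed relative to accumulator value `acc`."""
        pending = miner["amount"] * acc - miner["writeoff"]
        if pending > 0:
            self.minted += pending
        return pending

    def deposit(self, addr, amount, block):
        miner = self.miners.setdefault(addr, {"amount": 0, "writeoff": Fraction(0)})
        snapshot = self.acc_rewards_per_token          # copy taken before the update
        self.update_pool(block)
        acc = snapshot if self.stale_deposit_snapshot else self.acc_rewards_per_token
        self._claim(miner, acc)
        miner["amount"] += amount
        self.total_staked += amount
        miner["writeoff"] = miner["amount"] * acc      # stale acc => writeoff too small

    def withdraw(self, addr, amount, block):
        miner = self.miners[addr]
        self.update_pool(block)
        acc = self.acc_rewards_per_token               # always fresh state here
        self._claim(miner, acc)
        miner["amount"] -= amount
        self.total_staked -= amount
        miner["writeoff"] = miner["amount"] * acc


def run_scenario(stale_deposit_snapshot, rewards_per_block=100):
    """One attacker: stake, shrink the pool, re-stake, withdraw.

    Returns (total reward tokens minted, intended budget for the 20 blocks).
    """
    pool = RewardPool(rewards_per_block, stale_deposit_snapshot)
    pool.deposit("attacker", 1000, block=0)
    pool.withdraw("attacker", 999, block=10)     # leave 1 token so acc jumps on next update
    pool.deposit("attacker", 10_000, block=20)   # buggy: writeoff uses acc from before the jump
    pool.withdraw("attacker", 10_001, block=20)  # paid 10,001 * (jump of 1000) = 10,001,000
    return pool.minted, 20 * rewards_per_block


if __name__ == "__main__":
    print("buggy pool minted / budget:", run_scenario(True))
    print("fixed pool minted / budget:", run_scenario(False))
```

With the stale snapshot the pool mints 10,002,000 reward tokens against an intended 20-block budget of 2,000; the corrected pool mints exactly 2,000. The ratio scales with how much the attacker re-stakes relative to the residual stake, which is why a bug of this shape reads as "unlimited" minting.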
At present the identity of the first-wave attacker is unknown, but the address that minted in the second wave has been tagged by the community as belonging to the developer of Grap Finance. After taking profit, that attacker returned the proceeds to the Cover team, burned the remaining minted COVER, and left a message addressed to Cover Protocol's predecessor: "Next time, take care of your own business."
"Sure enough, the founder of grap.finance is a DeFi hero. He just made a sweep, and 4,350 ETH have been sent to the Cover team," commented crypto KOL "Super Bitcoin".
On its face this sounds noble and unprofitable; the COVER attacker looks like a righteous "white hat". But the market dumping cost many investors their money. Is such "chivalry" really worth praising?
At present YFI founder Andre Cronje has not commented on the incident, and Cover Protocol has not given an explanation. After the attack, centralized exchanges such as Binance temporarily suspended COVER deposits and withdrawals.
2. Can DeFi insurance be insured?
COVER is not the first DeFi insurance project to be attacked this year.
On the afternoon of December 14 (Beijing time), the account of Hugh Karp, founder of the leading DeFi insurance project Nexus Mutual, was compromised and 370,000 NXM (about US$8.33 million) was stolen. The attacker first sold 102,000 NXM on 1inch and 16,000 NXM on Matcha; Nexus Mutual later stated that the attacker's address sold about 35,000 wNXM via 1inch.
According to the official post-mortem, the attacker gained remote control of Hugh Karp's personal computer, modified the MetaMask extension installed on it, and misled him into signing the transaction shown in Figure 1, which transferred the tokens to the attacker's address.
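The defence against a tampered wallet UI is to check the raw calldata independently of what the extension displays (for example on a hardware wallet screen or with a separate decoder before broadcasting). As an added example, not code from Nexus Mutual or the post-mortem, the Python below decodes raw ERC-20 `transfer`, `approve` and `transferFrom` calldata using only the well-known 4-byte selectors and compares it against the recipient and amount the user believes they are signing. All addresses, the amount and the calldata are constructed for the illustration.

```python
# Well-known ERC-20 selectors: first 4 bytes of keccak256(signature).
SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
}


def decode_erc20_calldata(calldata_hex):
    """Decode raw calldata for the three value-moving ERC-20 functions.

    Returns (function name, list of decoded arguments). Addresses come back
    as lowercase 0x-prefixed strings, integers as Python ints. Raises
    ValueError on an unknown selector, a length mismatch, or an address
    word whose 12 leading padding bytes are not zero.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, body = data[:8], data[8:]
    if selector not in SELECTORS:
        raise ValueError(f"unknown selector 0x{selector}")
    name, types = SELECTORS[selector]
    if len(body) != 64 * len(types):
        raise ValueError("calldata length does not match the ABI")
    args = []
    for i, typ in enumerate(types):
        word = body[64 * i:64 * (i + 1)]
        if typ == "address":
            if word[:24] != "0" * 24:
                raise ValueError("address word has non-zero padding")
            args.append("0x" + word[24:])
        else:
            args.append(int(word, 16))
    return name, args


def encode_transfer(to, amount):
    """Build transfer(to, amount) calldata the way a wallet would."""
    return "0xa9059cbb" + to[2:].lower().rjust(64, "0") + format(amount, "064x")


def check_intent(calldata_hex, intended_to, intended_amount):
    """Compare what the calldata really does with what the user thinks
    they are signing. Returns a list of discrepancies; empty means consistent."""
    name, args = decode_erc20_calldata(calldata_hex)
    if name != "transfer":
        return [f"function is {name}, not transfer"]
    to, amount = args
    problems = []
    if to != intended_to.lower():
        problems.append(f"recipient {to} != intended {intended_to.lower()}")
    if amount != intended_amount:
        problems.append(f"amount {amount} != intended {intended_amount}")
    return problems


# Constructed inputs (hypothetical addresses, 18-decimal token).
INTENDED_TO = "0x" + "11" * 20        # where the user meant to send
ATTACKER = "0x" + "aa" * 20           # what a tampered wallet swapped in
AMOUNT = 370_000 * 10**18
TAMPERED_CALLDATA = encode_transfer(ATTACKER, AMOUNT)

if __name__ == "__main__":
    print(decode_erc20_calldata(TAMPERED_CALLDATA))
    print(check_intent(TAMPERED_CALLDATA, INTENDED_TO, AMOUNT))
```

The point of decoding from the selector rather than trusting the wallet's rendering is that the calldata is what the signature commits to; a modified extension can display any recipient it likes, but it cannot change the bytes that reach the chain without the decoder disagreeing with the screen. An `approve` for an unlimited allowance is flagged the same way, since it is not the `transfer` the user intended.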
DeFi insurance projects exist to reduce losses for other DeFi projects, which makes them attractive targets, so their own security should be strengthened accordingly. When the insurers themselves are repeatedly attacked and lose funds through their own vulnerabilities, can such insurance really help users withstand risk?
Since the DeFi world preaches "Code is Law", the code must be written well enough to leave hackers no opening.
Finally, I hope that DeFi keeps developing for the better and that vulnerabilities become fewer.