From COVER to OVER: a review of the attack


If something goes wrong with a DeFi project, the loss can be recovered through insurance. But what if the insurer itself is attacked?

On the evening of the 28th, the DeFi insurance project Cover Protocol was attacked by hackers, resulting in the issuance of more than one trillion tokens. The hackers cashed out on DEXs such as SushiSwap and Uniswap, which directly caused the price of the COVER token to plummet by more than 90% from $800. As of press time, COVER was temporarily quoted at $23 on Uniswap.

After the incident, centralized exchanges such as OKEx and Matcha immediately closed Cover deposits and withdrawals, and Binance suspended Cover trading.

According to OKLink data, the attack also caused a sharp short-term drop in Cover Protocol's total value locked (TVL), which currently stands at approximately US$31.12 million, a drop of 31.17%.

On November 28 this year, Cover Protocol merged with Yearn Finance (YFI). As of press time, Banteg, a core developer of Yearn Finance, said that they are investigating the issue, and the official Cover Protocol team also advised investors not to buy COVER.

1. Event review: a contract loophole enables additional issuance

1. Event review: additional issuance of contract loopholes

At 18:00 tonight, Twitter user CryptoKebab said that Cover was suspected of having been hacked, and that 10,000 COVER tokens had been issued and swapped for assets such as WBTC and DAI.

Although this had not been confirmed, the price of COVER fell sharply by 50% after the news came out, from $800 to about $370.

In the community, many investors thought this was just a rumor and started buying the dip at around $400. However, it did not take long for many users to notice that the price of COVER on some decentralized exchanges, mainly Uniswap and SushiSwap, had begun to plummet. The price at one point fell to the US$20 level, which was almost zero compared with today's opening price, a tumble of more than 90%.

The block explorer shows that the total supply of Cover Protocol's native token COVER has been increased to 40,796,131,214,802,600,000 (about 4,000 jing, basically equal to unlimited additional issuance), and that an address labeled Grap Finance issued these tokens and continues to sell them off on DEXs.

Where did these additional “counterfeit coins” come from?

Based on the available information, Odaily Planet Daily summarizes the attack as follows. It involved two waves of hackers:

The first wave of hackers first created a counterfeit token (contract address 1), then supplied the counterfeit token as liquidity on Balancer in exchange for BPT (contract address 2), then staked the counterfeit token's BPT (contract address 3), and then unstaked in exchange for real COVER (contract address 4). By repeating this, the hacker obtained more than 11,000 real COVER in total, and finally cashed out at a profit.

The attacker’s address was created two days ago, with an initial capital of about 200 ETH, and the current assets of the address exceed 1,400 ETH and 1 million USD in other tokens. This address has been labeled CoverExploiter1 (Cover Exploiter 1) on Etherscan.

The second wave used a loophole in the Cover Protocol reward contract, called the "Unlimited Mining BUG", to issue an additional 40 trillion COVER. Because they came from the same smart contract, trading platforms also mistook these coins for "real coins", and the hackers used Uniswap and other DEXs to cash out in batches. According to DeFi developer banteg, the attacker ultimately profited by cashing out more than 4,374 ETH, or about 3.2 million US dollars.

At present, the identity of the first-wave hackers is unknown, but the address that issued the tokens in the second wave has been labeled online as belonging to the developers of Grap Finance. After making a profit, the attacker returned the proceeds to the Cover team, burned the remaining additionally issued COVER, and left a message for the Yield Farming insurance address (the predecessor of Cover Protocol): Next time, take care of your own business.

“Sure enough, the founder of grap.finance is a DeFi hero, who just swiped it, 4350 ETH has been called to the Cover team,” the crypto KOL “Super Bitcoin” commented.

It sounds strange: the COVER attacker appears to be a righteous “white hat”. But dumping on the market cost so many investors their money. Is such a “chivalrous spirit” really worth promoting?

Currently, YFI founder Andre Cronje has not yet commented on the incident, and Cover Protocol has not given an explanation for it. After the attack, centralized exchanges such as Binance temporarily suspended deposits and withdrawals of COVER.

2. DeFi is not insured

COVER is not the first DeFi project to be attacked this year.

On the afternoon of December 14, Beijing time, the account of Hugh Karp, the founder of Nexus Mutual, the leading DeFi insurance project, was hacked and 370,000 NXM ($8.33 million) was stolen. The hacker first sold 102,000 NXM on 1inch and 16,000 NXM on Matcha. Subsequently, Nexus Mutual officially stated that the hacker address sold about 35,000 WNXM via 1inch.

According to the officially disclosed details, after the attacker obtained remote control of Hugh Karp’s personal computer, he modified the MetaMask plug-in used on the computer and misled Karp into signing the transaction in Figure 1. This transaction ultimately transferred a huge amount of tokens to the attacker’s account.

DeFi insurance projects were created to reduce the risk of loss for other DeFi projects. They are coveted by hackers, so their security protections should be strengthened. Yet they are now being attacked repeatedly and suffering losses because of their own vulnerabilities. Can such insurance projects really help users resist risk?

Since “Code is Law” is advocated in the DeFi world, the code should be done well and taken to the highest standard, leaving no opportunities for hackers.

Finally, I hope that the development of DeFi will get better and better, and there will be fewer vulnerabilities.