Akropolis Savings Pool Hacked for 2 Million DAI; Staking Pools are Safe
Another $2 million have been lost in the latest DeFi hack.
Akropolis, a decentralized and autonomous (DAO) community economies for lending, borrowing, saving, earnings, and pensions, reported a hack on Thursday.
Around 14:36 GMT, AKropolis noticed a discrepancy in the APYs of its stablecoin pools and identified that 2 million DAI had been drained out of the yCurve and sUSD pools.
“These pools had been audited by two independent firms, however, the attack vectors used in the exploit were not identified in either audit,” said the team.
The exploit was a combination of a re-entrancy attack with dYdX flash loan origination.
Just yesterday, the leading spot exchange had announced that AKRO is now a borrowable asset on Binance loans.
We recently identified a hack executed across a body of smart contracts in the "savings pools" that have been audited twice. We are working with security specialists and on-chain analytics providers and aim to make a more detailed statement shortly. Thank you for your patience.
— Akropolis (@akropolisio) November 12, 2020
As we reported, in 2020, the losses from hacks and thefts have increased to $468 million, a spike of 30% from $361 million in the entire last year.
20% of these hacks, at around $98 million, belong to DeFi space, which was negligible last year.
“The majority of funds on Akropolis are safe,” assured the team.
The team confirmed that only the Curve Y and Curve sUSD savings pools were affected and staking pools — Compound DAI, Compound USDC, AAVE sUSD, AAVE bUSD, Curve bUSD, Curve sBTC; Native AKRO and ADEL staking pools — are actually safe.
Since then, the team has paused all stablecoin pools, and crypto exchanges have been informed.
Since the incident, Akropolis’s token AKRO has lost 36% of its value and is currently trading around $0.01.
At the end of June this year, Akropolis’s mainnet was launched, and then in early late August, its token jumped past $0.035 high.
For now, the team is reviewing the code and security procedures and “exploring ways to reimburse users for the loss in a way that is sustainable for the project, and will make a proposal to the community prior to any final decision being made.”