image

Visor Finance Suffers another DeFi Hack as Losses Mount Up to $8.2M

Visor Finance is the latest DeFi protocol to suffer a multi-million dollar hack. As a result of the hack, Visor Finance lost 8.8 million VISR tokens due to a reentrancy flaw exploited by the hacker.

At the time of the hack, VISR tokens traded at around $0.93.

The Visor DeFi Smart Contract Exploit

On December 21st, 2021, 02:29:11 PM UTC, a malevolent contract stole 8,812,958 VISR tokens from Visor Finance’s staking contract.

Hackers used the IVisor delegateTransferERC20 interface to generate the exploit. The hackers also used the withdrawal function of the staking contract to call for the desired VISR amount. As a result, reliance on an external IVisor delegateTransferERC20 implementation by the caller allowed the exploit to succeed.

Bugs in the Visor decentralized system opened a door for an attacker to get away with crypto tokens. A full post-mortem investigation has not yet been conducted, but it is believed that the hacker exploited the vulnerability to assume control of the rewards contract. As a result, they could create extra VISR tokens.

Reentrancy bugs can be deadly in DEXs since they allow an attacker to create an infinite number of tokens. The Visor team announced the breach shortly after it occurred, stating that it had discovered a bug in its VISR staking agreement.

The team also stated that no positions or hypervisors were at risk. The assault primarily affects stakers and token holders since it has dropped dramatically since the attack. One VISR is valued at just $0.04 right now, having lost 95% of its value.

Users Compensation

The Visor team has stated that it will establish a migration date based on a before-the-hack snapshot to make up for it. The strategy of token migrations is a common way to counter DeFi hacks. They function by allowing token holders to exchange an equivalent quantity of new tokens for their existing holdings.

Users will redeem based on the total amount of VISR they had before the hack occurred. Although Visor has gained popularity since its debut, its financial journey hasn’t been without hiccups. It’s been breached several times this year. However, it characterized the most recent incident in November as a “Uniswap V3 arbitrage.”

Surprisingly, the protocol has been audited by CertiK, a security company that has previously missed other DeFi flaws; however, after the attack got an ongoing audit from Quantstamp.

According to Etherscan data, the attacker has already exchanged most of their VISR tokens for ETH via Uniswap. In addition, they’ve started funneling cash through Tornado.cash, a bundler for preserving Ethereum transaction history.

However, because of the liquidity issue, their investment will ultimately result in significantly less than $8.2 million worth of notional value.




Source link

0 0 votes
Article Rating

S’abonner
Notifier de
0 Commentaires
Commentaires en ligne
Afficher tous les commentaires
Reset Password

Avertissement sur les risques :

Le trading peut vous exposer à des risques de pertes supérieures aux dépôts et ne convient qu’à une clientèle avisée ayant les moyens financiers de supporter un tel risque. Les CFD sont des instruments complexes et présentent un risque élevé de perte rapide en capital en raison de l’effet de levier. Entre 74 et 89% des comptes de clients de détail perdent de l’argent lors de la négociation de CFD. Vous devez vous assurer que vous comprenez comment les CFD fonctionnent et que vous pouvez vous permettre de prendre le risque élevé de perdre votre argent. Ce site n’est en aucun cas une offre de conseil en investissement ni une incitation quelconque à acheter ou vendre des instruments financiers. Trader le Forex et/ou les CFD’s implique un niveau de risque élevé, et peut ne pas être approprié car vous pouvez subir des pertes supérieures à votre dépôt. L’effet de levier peut être en votre défaveur.

Vous devez être conscient et avoir une compréhension complète de tous les risques associés au marché et au trading. Le site Union-trader.com peut être amené à produire des commentaires d’ordre général, ce qui ne constitue pas des conseils en investissement et ne doit pas être interprété comme tel.

Veuillez recourir aux conseils d’un conseiller financier extérieur. Le site Union-trader.com décline toute responsabilité pour les erreurs, inexactitudes ou omissions et ne garantit pas l’exactitude ou le caractère complet des informations, textes, graphiques, liens ou autres éléments contenus dans cette documentation. Toute information et toute mise à disposition sur le site ont un caractère privé.