A decentralized finance (DeFi) protocol, known as New Free DAO has recently suffered flash loan attacks that took place in series. Due to the attacks, the protocol ended up losing funds worth $1.25 million.
New Free DAO Suffered Flash Loan Attacks
As reported by the teams at the New Free DAO, the flash loan attacks were performed in a series on Thursday. As a result of the loan attacks they suffered, their protocol ended up losing $1.25 million.
Ever since the attack took place and funds were lost, the trading value of the native token of New Free DAO has dipped by 99%.
Unique Offering by New Free DAO
While most of the protocols in the decentralized finance sector offer normal loaning services, the situation is different for New Free DAO. The particular protocol tends to offer flash loans.
Through the particular protocol, the users could gain access to larger amounts and loan them for their benefit. The best feature of acquiring loans via the particular protocol was that the users would not have to make any kind of upfront deposits.
Condition for Returning Loans
Although there is no condition for depositing collateral assets for the loan amount the protocol had one particular condition. The condition surrounding the return of the loan amount.
According to the New Free DAO protocol, the loan amount must be returned in a single payment and there is a deadline to return it.
The Hackers Took Advantage of the Feature
As the feature is unique in nature, it is misused by hackers when they proceed with carrying out exploits of the protocol.
The hackers are able to carry out very costly exploits when they are able to trespass such decentralized finance protocols.
CertiK Reported the Incident
On Thursday, CertiK, a blockchain security firm reported the incident revealing that it had witnessed a 99% slippage in the price of the NFD token. It confirmed that the slippage was the outcome of the flash loan attack carried out on the New Free DAO protocol.
The hacker gained access to the New Free DAO protocol where he managed to deploy a contract that had unverified existence. There, the hacker created a new function and added himself as a member of the NFD protocol.
After the account and memberships had been created, the hacker turned to launch multiple loan attacks on the protocol.
As a result, the hacker was able to borrow 250 Wrapped BNB (wBNB). The overall value of the borrowed wBNB was $69,825. Then the hacker swapped the loaned wBNB with NFD.
The hacker used the contracts to acquire wBNB through multiple airdrop rewards and swapped them with 4481 BNB.