Exactly Protocol's Security Breach Compromising $7M
Exploring Exactly Protocol's recent hack, uncovering the events, the aftermath, and the broader implications for the DeFi community and crypto security.
In the world of decentralized finance (DeFi), security remains essential. Yet, even the most robust platforms can find themselves vulnerable. Exactly Protocol, a prominent DeFi player, recently experienced this firsthand, suffering a significant security breach that compromised $7 million.
On August 19, Exactly Protocol users were taken aback by a security breach that saw $7.3 million siphoned off from the platform. The attacker exploited a vulnerability in the DebtManager periphery contract. By inputting a malicious market contract address, the hacker was able to bypass the permit check. This allowed them to execute a malicious deposit function, effectively stealing the USDC deposited by users. The attacker then proceeded to liquidate these assets for profit.
Post-theft, on-chain data revealed that 4,323.6 Ethereum (ETH), equivalent to nearly $7.3 million at the time, was stolen from Exactly Protocol. The hackers then utilized the Across Protocol to bridge 1,490 ETH and transferred an additional 2,832.92 ETH to the Ethereum network via the Optimism Bridge.
On-chain details of the attack
Exactly Protocol's Response
Immediately after the breach, Exactly Protocol took swift action to address the vulnerability. They announced a fix the very next day, which was promptly approved and executed by the governance multisig.
To recover the stolen funds, Exactly Protocol's team reached out to the attacker, expressing their willingness to negotiate and discuss potential next steps. They used various communication channels, including X (formerly known as Twitter), to send their message. However, as of August 22, the team had yet to receive a response from the attacker. In a bold move, Exactly Protocol then announced a bounty of $700,000 for any information that could lead to the arrest of the hacker and the recovery of the stolen funds.
To trace the lost funds, Exactly Protocol partnered with Chainalysis, an on-chain analytics firm. This collaboration aimed to track the movement of the stolen assets and possibly identify the culprits behind the breach.
The Exactly Protocol incident is not an isolated event. The DeFi ecosystem has witnessed several security breaches in recent times. For instance, Hundred Finance, another DeFi protocol on the Optimism network, suffered a significant hack in April, leading to a loss of $7 million worth of cryptocurrencies.