Recently, decentralized exchange WOOFi experienced an $8.75 million exploit on its lending market on Arbitrum. WOOFi has since released a post-mortem report detailing the attack and offering a 10% whitehat bounty to the attacker.
According to the report, the attacker manipulated WOOFi’s Synthetic Proactive Market Making (sPMM) algorithm, causing the platform to pause the manipulated contracts. Upon further investigation, it was discovered that the hacker had carried out a series of flash loan attacks, starting on March 5 at 15:49 UTC.
The exploit involved borrowing approximately 7.7 million WOO tokens and other cryptocurrencies, selling them into WOOFi to manipulate the price of WOO near zero. The attacker then quickly swapped out 10 million WOO three times, resulting in a profit of $8.75 million.
Although various blockchain security platforms detected the exploit, the attacker had already made off with the funds. WOOFi is now offering a 10% whitehat bounty to the attacker and has also initiated a bounty on Arkham Intelligence for any additional information on the attack.
Fortunately, WOOFi’s services such as WOOFi Pro, Stake, and Earn were not affected and remain fully operational. The team has also stated that they are working to retrieve the funds and have shared updates on Twitter.
In the aftermath of the attack, WOO price dropped from $0.59 to lows of $0.48, but has since recovered to $0.52 at the time of writing.
In conclusion, WOOFi’s post-mortem report provides insight into the attack and their efforts to recover the funds. The platform remains operational, and steps are being taken to prevent future exploits.
