Breaking: Akropolis Reportedly Hacked for $2M in DAI Stablecoins

Details of the Akropolis Hack

Tweeting on Nov. 12, the project revealed:

“We recently identified a hack executed across a body of smart contracts in the ‘savings pools’ that have been audited twice.”

In a follow-up Tweet from Akropolis, the project assured users that staking pools remained safe. According to the company, the hack only affected the Y and sUSD Curve savings pools. On-chain investigation by BeInCrypto shows that the exploit took place around 12:05 PM UTC. The attacker executed consecutive targeted exploits on Akropolis’ Curve savings pools. Apart from the batched attacks, the suspected hacker also drained the pool of $2 million in DAI tokens, which was transferred to a different address. As of press time, the stolen funds remain in this second account.

Audit Not a Guarantee for Safety in the DeFi Space

If the incident does indeed turn out to be a hack, it will be yet another audited DeFi project to fall victim to a malicious cyber intrusion. Even worse, the news could mark another dent in the code auditing ability of blockchain auditing firm CertiK. Indeed, other CertiK certified DeFi projects like stablecoin issuer Lien and lending protocol bZx have suffered massive attacks in the past. Throughout 2020, many DeFi protocols have come under various attack vectors with rogue elements gaming the system to siphon funds from their coffers. As previously reported by BeInCrypto, an attacker managed to drain about $500,000 in ETH from Balancer pools. Rogue actors also took advantage of Bancor code vulnerabilities to siphon $460,000 from the project earlier in the year. While crypto crime is on the decline, the DeFi space is fast becoming an attractive proposition for rogue actors. According to a recent report by crypto intelligence outfit CipherTrace, DeFi-related theft cases are on the rise as malicious entities are taking advantage of the hype around the novel market to fleece unsuspecting victims.