Warp Finance Post Mortem Promises to Return 75% of Lost Funds

Share Article
In Brief
  • Warp Finance details flash loan attack in post mortem.

  • $7.76 million in DAI was stolen during the incursion.

  • Warp promises to return 75% of funds to users.

  • promo

    Want to learn how to trade? Get a beginners guide from _BeInCrypto Academy_ now!

The Trust Project is an international consortium of news organizations building standards of transparency.

On Thursday, Dec. 17, the decentralized finance protocol Warp Finance became the latest project to lose funds in a flash loan attack.



The team just released a summary of what actually happened. They also promised to return most of the lost funds.

The attack followed a process seen in a large number of DeFi related exploits this year. The theives used flash loans to borrow collateral and drain Warp Finance stablecoin pools.



Warp Finance is a new DeFi platform, announced in early November. It enables users to deposit liquidity provider (LP) tokens and receive stablecoin loans in exchange.

The attack, according to the post mortem report, was a flash loan exploit ‘due to a gameable oracle’. A flash loan is when collateral is borrowed and repaid within the same transaction.

Warp Finance Post Mortem

It added that the collateral value was worth less than the loan. This is why a standard liquidation was unable to take place. A total of $7.76 million was lost according to Warp Finance, which added that they had been able to return three-quarters of the user funds;

“The loan collateral has since been secured by the warp finance team and will allow us to return approximately 75% of users’ deposited funds, thanks to support from the Ethereum and white hat community.”

The attacker made several flash loans via the dYdX exchange, and multiple flash swaps via Uniswap. The attacker then executed a contract that flash swapped $180 million from Uniswap and flash borrowed $51 million from dYdX. This allowed the attacker to borrow more than their collateral. This resulted in a loss of stablecoin lender funds. Warp Finance relied on vulnerable Uniswap liquidity pool token prices, according to the Rekt Blog, which detailed the offending transactions.

75% of funds returned

In approximately 24 hours the protocol will distribute the recovered funds. Amounts to affected users will be proportional to the amount of W-USDC and W-DAI held at the time of the snapshot. Also, the platform will be issuing ‘Portal IOU’ tokens and users will need to redeem them on Uniswap.

“The reason we have chosen to return LP tokens instead of stablecoins is that these are the tokens we’ve been able to recover. We did not want to add any complexity or risk to the refund process.”

They stated that the recovered tokens are ETH/DAI-LP tokens. This means that the return is a token consisting of Ethereum and DAI deposits. Users can take these LP tokens to claim the underlying assets on Uniswap.

Several DeFi protocols have fallen victim to flash loan attacks recently. Known victims include Origin Protocol, Akropolis, and Harvest Finance.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Martin has been writing on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

Trade with the Best Crypto Signals - guaranteed profits with over 70% accuracy

Join now

Want to learn how to trade? Get a beginners guide from BeInCrypto Academy!

Learn now