DeFi Platform Woofi Exploited: Hackers Reportedly Swipe $8.75M in Cryptocurrencies

Decentralized finance (DeFi) platform Woofi fell victim to a sophisticated attack, resulting in the illicit extraction of $8.75 million in cryptocurrencies. The hackers attacked Woofi Swap's Synthetic Proactive Market Making (sPMM) algorithm on March 5th, which is the backbone of the pricing mechanism on the Arbitrum network.

According to a recent report from the Woofi team, the attackers utilized a pattern of flash loans to manipulate the value of Woofi's native token, WOO. They borrowed approximately 7.7 million WOO tokens and other assets from Woofi, then sold them off, nearly reducing WOO's value to zero. Seizing on this distorted pricing, the exploiter executed three consecutive swaps of 10 million WOO at minimal costs, accumulating substantial gains.

‍

Swift Action and Investigation

Woofi confirmed the attack and detected the anomaly using its transaction monitoring system, leading to the suspension of Woofi Swap's smart contracts by 11 am ET. The team acted to prevent further losses and launched an investigation into the incident.

While other Woofi contracts remain operational, Woofi Swap v2 remains paused, with the team aiming to resolve the issue and redeploy within two weeks, proceeding with the planned release of v3 later this spring.

Further, the Woofi team initiated efforts to recover the stolen funds, offering a 10% whitehat bounty to the exploiter. 

The Woofi Swap team pledged to eliminate vulnerabilities before redeploying contracts before redeploying Woofi Swap.

The price of each WOO token across various exchanges experienced an 18% drop post-incident, falling from $0.59 to $0.49. However, it has since rebounded to above $0.53.