The attack occurred on the protocol’s Binance Smart Chain and Polygon networks on the same day, with the Polygon network suffering more significant losses.
DeFi Hack: ApeRocket Suffers $1.2 Million Flash Loan Attack
The Decentralized Finance (DeFi) yield optimizer was involved in a series of ‘Flash Loan’ attacks. The attacks happened on ApeRocket’s Binance Smart Chain (BSC) platform and its Polygon fork, costing users $1.2 million.
Several reports disclose that the two hacks were carried out on respectively, at 4:30 AM UTC and 8:00 AM UTC. Regardless, ApeRocket has urged affected users to remain calm as they will be compensated.
What are Flash Loan Exploits?
As explained by Adelyn Zhou, the CMO of Chainlink Labs, flash loans can be used in ways other than originally intended. Individual’s with little or no market capital can manipulate the market as though they were a whale.
“The novelty of a flash loan is that it can temporarily make anyone in the world a very well-capitalized actor, with the potential to suddenly manipulate the market. In the recent string of attacks, we’ve seen malicious actors use flash loans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens so they can artificially move a token’s price on a single exchange. This sequence is essentially the foot in the door, allowing the attacker to then exploit that exchange’s anomalous pricing. ”
Importantly, the flash loan is only a tool which is used to make these attacks happen. Without vulnerabilities in the protocol’s themselves the flash loan attack would not be possible.
ApeRocket Releases Official Statement After DeFi Hack
In the official statement, the protocol explained how the hack happened, and the compensation plans to support affected users. However, we will not discuss how the hacker defrauded users but focus on the plans to compensate users.
As reported, ApeRocket will compensate affected users and holders of SPACE (BSC)/pSPACE (Polygon) before the attack. This will be done in the following ways:
Plan For BSC Network
The exploit on the BSC network occurred at 4:30 AM UTC, where the attacker hacked into ApeRocket’s CAKE vault and stole $260K (883 BNB) from SPACE token LP on ApeSwap. ApeRocket was working on creating a new version (ApeRocket V2) before the incident happened. The new version proposes more Annual Percent Yields (APYs), more compounds, and more possibilities than the V1 model.
Now that the hacker has penetrated the current version, the protocol is eager to initiate the update. It will be effective after aperocket.finance is relaunched.
For compensation, ApeRocket will open a compensation pool with a buyback strategy added to increase the price. The protocol will release details about the process shortly.
Plan For Polygon Network
According to the protocol’s statement, its launch on the Polygon network was done in a hurry, so the $1 million (521 ETH) hack on 14th July at 8 AM is unsurprising.
To avoid a similar occurrence in the future, the protocol plans to create a new token and distribute it to all holders of pSPACE. This will act as a form of compensation.
ApeRocket Halts Regular Process Following DeFi Hack
The yield farming aggregator and optimizer on the BSC took to Twitter to announce the deactivation of the SPACE minter after the unfortunate event. The SPACE minter mints the protocol’s native token — SPACE.
Therefore, SPACE will no longer be minted till further notice. In addition, there will be no performance or withdrawal fees, and funds are safe.
Users can now earn APR/APY listed in native farms at no cost because ApeRocket will be compounding for free for every user in its vaults till its plans are executed.
ApeRocket will conduct at least two audits before its V2 launch, according to the statement. In the meantime, the protocol is exploring several options because of the bandwidth limitations imposed by reliable audit companies.
What’s more, ApeRocket plans to publish at least one report before relaunching its website, including the proposed V2 launch.
With this in mind, the BSC-based yield optimization protocol has urged users to be calm, adding that they are sorry for the current situation caused by the DeFi hack. The plans put forward by the protocol will ensure that it regains users’ trust once again.
Thus, we expect the DeFi hack incident to make the protocol more potent and even better with the imminent launch of ApeRocket V2.
ApeRocket is a suite of products in DeFi that provides yield optimization strategies through the BSC, using ApeSwap liquidity. With automation, the protocol allows users to get the benefits of compounding with less effort. ApeRocket ensures that users’ tokens are automatically compounded with the best yields.
Source : bsc.news
Founded in 2020, BSCNews is the leading media platform covering decentralized finance (DeFi) on the Binance Smart Chain (BSC). We cover a wide range of blockchain news revolving mainly around the DeFi sector of the crypto markets. BSCNews aims to inform, educate and share information with the global investment community through our website, social media, newsletters, podcasts, research, and live ask me anything (AMA). Our content reaches hundreds of thousands of global investors who are active in the BSC DeFi space.