On Aug. 9, blockchain security firm PeckShield exposed fresh vulnerabilities across multiple decentralized finance (defi) projects.
Aave’s Earning Farm, which supports Ethereum (ETH), Wrapped Bitcoin (wBTC), and USDC, was a target and reportedly lost approximately $287,000 in ETH.
PeckShield is now alerting protocols about the potential danger of falling victim to re-entrancy attacks.
This type of attack happens when someone makes a call to a contract that can’t be trusted, and then another call is made that takes funds out. If the contract doesn’t update quickly enough, the attacker can keep withdrawing all funds from the protocol.
In October 2022, Aave’s Earning Farm faced two flash loan attacks on its EFLeverVault.
Supremacy, a blockchain security agency, stated that 750 ETH was stolen.
Flash loan attacks borrow large amounts of cryptocurrency in one transaction, manipulate its value across multiple transactions, and repay the loan within the same transaction.
The recent re-entrancy attack on Aave’s Earning Farm has since raised questions about potential coordinated efforts to exploit vulnerabilities across various defi protocols.
Multiple protocols, including those using Vyper programming language, have been targeted in recent weeks.
Even so, regulators are taking action to increase surveillance and implement measures to protect users.