Another Day, Another DeFi Hack: Indexed Finance ‘Incident’ Costs Users $16 Million

October 16, 2021, 10:30 AM AEST - 1 month ago

The decentralised finance (DeFi) platform Indexed Finance has suffered its first hack, bleeding two of its pools of an estimated US$16 million.

The platform announced on October 15 that there was something going on affecting the DEFI5 and CC10 pools.

Rebalancing Mechanism Exploited

After further inspection, it was found that hackers had exploited a weakness in one of the mechanisms used to balance pool token weightings. The attack affected the way index pools are rebalanced, with a more detailed description supplied in a post-mortem:

Security firm PeckShield reported that the attacker had stolen 15 ETH, 226.9K UNI, 7.5K AAVE, 6.4K COMP, 845.8K CRV, 516 MKR, 45.4K SNX, 33.2K LINK, 5.2K YFI, 17.8K UMA and 131.6K BAT, totalling around US$16 million. At the moment the $16M is sitting in the attacker’s account (0xba5ed1488be60ba2facc6b66c6d6f0befba22ebe) with security firms keeping an eye out for movement.

According to the bot on Discord, the two pools that are now inaccessible have been left with US$288,000 and US$2 million in TVL, respectively.

NDX Token Drops 28%

Unsurprisingly, the protocol’s native NDX token has dumped 28 percent from US$3.35 to US$2.34 where it currently trades according to CoinMarketCap. The coin was trading at an all-time high of US$27.71 in February and is down 90 percent since then.

Those who have lost everything live in hope that the situation might resolve the way August’s Poly Network hack played out, with the hacker returning the funds and highlighting a major vulnerability.

As for compensating people who lost funds, this is – so soon after the event – still up in the air […] The core team will be discussing with the community how best to handle this situation.

Indexed Finance statement

They’ll be talking to similarly affected protocols for insights into their own approaches. It is still unclear whether the incident is a tombstone for the DeFi project or whether there will be a way to recover the funds or compensate users and restart.

Disclaimer: The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.