ForkLog

DeFi protocol Rodeo Finance hacked for $1.5 million

A hacker siphoned 810.1 ETH (about $1.5 million at the time of writing) from the Rodeo Finance DeFi protocol on the Arbitrum network by manipulating an oracle.

Source: Twitter.

According to PeckShield’s analysis, after the breach the attacker sent the stolen assets to the Ethereum network, and then swapped them for unshETH to move the funds to the staking service Ankr. Subsequently, he laundered the cryptocurrency through the Tornado Cash mixer.

Rodeo Finance representatives have not yet publicly commented on the incident.

Wintermute’s head of research, Igor Igamberdiev, told The Block that the attack was a “manipulation of the TWAP oracle”.

He added that the hacker artificially distorted the asset’s average price to gain an improper advantage during transactions. The attack reportedly used a flash loan, he noted.

Igamberdiev clarified that the attacker likely borrowed a large sum, devalued the asset with the exploit, and then bought even more coins at an artificially suppressed price.

PeckShield experts added that a serious flaw lay in the swap path from USDC to wrapped ETH and then to unshETH. The slippage control, which is meant to prevent excessive price deviation, did not work as expected because of a fault in the price oracle, the analysts explained.
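The failure mode described above, a slippage bound derived from a distorted TWAP, modelled as an added example (not code from the article, PeckShield or Rodeo Finance). All rates, window sizes, thresholds and function names are constructed assumptions; the hardened variant adds a deviation check against an independent reference price.

```python
# Added illustration: every number and name here is constructed.
from statistics import fmean

BPS = 10_000  # basis points in 100%


def twap(samples, window):
    """Arithmetic mean of the last `window` rates (output tokens per input token)."""
    if window <= 0 or len(samples) < window:
        raise ValueError("not enough samples for the TWAP window")
    return fmean(samples[-window:])


def min_out(amount_in, oracle_rate, max_slippage_bps):
    """Smallest output the swap may return, derived from the oracle rate."""
    return amount_in * oracle_rate * (BPS - max_slippage_bps) / BPS


def naive_check(amount_in, pool_rate, oracle_rate, max_slippage_bps):
    """Slippage control that trusts the TWAP as its only price reference."""
    return amount_in * pool_rate >= min_out(amount_in, oracle_rate, max_slippage_bps)


def hardened_check(amount_in, pool_rate, oracle_rate, reference_rate,
                   max_slippage_bps, max_oracle_dev_bps):
    """Also refuse the swap when the TWAP strays from an independent reference."""
    deviation_bps = abs(oracle_rate - reference_rate) / reference_rate * BPS
    if deviation_bps > max_oracle_dev_bps:
        return False  # oracle itself looks wrong: do not trade on it
    return naive_check(amount_in, pool_rate, oracle_rate, max_slippage_bps)


# Constructed samples: the rate sits near 1.0, then four distorted observations.
HONEST = [1.00, 1.01, 0.99, 1.00]
SKEWED = HONEST + [0.60, 0.58, 0.61, 0.59]

if __name__ == "__main__":
    bad = twap(SKEWED, 4)
    print("skewed TWAP:", round(bad, 4))
    # The pool pays 0.59 per token against a fair rate of about 1.0, yet the
    # bound computed from the skewed TWAP still accepts the swap.
    print("naive check passes:", naive_check(100, 0.59, bad, 200))
    print("hardened check passes:", hardened_check(100, 0.59, bad, 1.0, 200, 500))
```

A short averaging window is what lets four distorted samples dominate the result here; the reference-price bound rejects the trade regardless of how the pool and TWAP agree with each other.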

Earlier, in July, the DeFi protocol Arcadia Finance was hacked for $455,000. PeckShield noted that the code reportedly lacked a cross-check mechanism for unverified inputs.

Beosin previously reported that in the first half of 2023 the digital-asset sector lost about $655.6 million to hacks, fraud and rug pulls.
