
OneRing Finance DeFi protocol hacked for $2 million
OneRing Finance, a multi-chain yield-optimisation protocol for stablecoins, was hacked. The hacker withdrew $1.45 million using a flash loan, with the project’s losses amounting to about $2 million.
We got hacked today, a few hours ago OneRing protocol suffered from a flashloan attack that was completely unexpected. Please read: https://t.co/w0Xfl7gChK
— OneRing (@Onering_Finance) March 22, 2022
To carry out the exploit, the attacker deployed a purpose-built smart contract on the Fantom platform. Because the contract was set to self-destruct, it is almost impossible to determine which vulnerabilities were exploited, the project team noted. To obtain any information, they are working with node providers.
“This merely tells us that the hacker is a professional, and since we were the only breached protocol, the attack was thoroughly planned,” the statement said.
PeckShield researchers traced the main steps of the incident.
3/ To illustrate, we use the hack tx and show the key steps below pic.twitter.com/FidWcSo3NW
— PeckShield Inc. (@peckshield) March 22, 2022
After deploying the smart contract, the attacker borrowed 80 million USDC via a flash loan, which he used to manipulate the price of the OShare token in the liquidity pool.
After the loan was repaid, the attacker’s profit amounted to $1,454,672. Due to swap fees and loan repayments, another $500,000 was lost. In total, the protocol’s losses amounted to nearly $2 million.
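The effect of a loan-sized swap on a pool's spot price, and a deviation check that refuses to price against it, can be shown with a toy constant-product model. This is an added example, not OneRing's or PeckShield's code: the pool reserves, the 0.3% fee, the 2% bound and every name in it are assumptions, and only the 80 million USDC figure comes from the report above.

```python
# Constructed toy model; nothing here is taken from the affected contracts.
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pool (share * usdc = k) with a swap fee."""
    share: float
    usdc: float
    fee: float = 0.003  # assumed 0.3% swap fee

    def spot_price(self) -> float:
        # Instantaneous price of one share token in USDC.
        return self.usdc / self.share

    def swap_usdc_in(self, amount: float) -> float:
        """Sell USDC into the pool and return the share tokens received."""
        effective = amount * (1 - self.fee)
        out = self.share * effective / (self.usdc + effective)
        self.usdc += amount
        self.share -= out
        return out

class PriceGuard:
    """Refuses to use spot price when it strays from a reference from earlier blocks."""
    def __init__(self, reference: float, max_deviation: float = 0.02):
        self.reference = reference          # e.g. a time-weighted average (assumed)
        self.max_deviation = max_deviation  # assumed 2% tolerance

    def checked_price(self, pool: Pool) -> float:
        spot = pool.spot_price()
        deviation = abs(spot - self.reference) / self.reference
        if deviation > self.max_deviation:
            raise ValueError(f"spot deviates {deviation:.1%} from reference")
        return spot

def simulate(swap_usdc: float):
    """Return (price before, price after, whether the guard blocked pricing)."""
    pool = Pool(share=10_000_000.0, usdc=10_000_000.0)  # constructed reserves
    guard = PriceGuard(reference=pool.spot_price())
    before = pool.spot_price()
    pool.swap_usdc_in(swap_usdc)
    after = pool.spot_price()
    try:
        guard.checked_price(pool)
        blocked = False
    except ValueError:
        blocked = True
    return before, after, blocked
```

With these constructed reserves, an ordinary 10,000 USDC swap moves the price by about 0.2% and passes the check, while an 80 million USDC swap moves it by a factor of roughly 80 and is rejected.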
The stolen funds were moved from Fantom to Ethereum and immediately sent to the Tornado Cash mixer. The attacker had also used this service to fund the newly created wallet from which the attack was carried out.
“This address is as clean as possible, and the assets currently disappearing into Tornado Cash limit our ability to contact exchanges and any parties to prevent the hacker’s funds from being withdrawn,” said the OneRing team.
The developers stressed that only the OShare liquidity pool on the Fantom platform was affected. The rest of the funds are safe, but the project has suspended all vault operations.
OneRing said they are working on a plan to reimburse users.
The protocol team offered the hacker 15% of the stolen funds plus 1 million native RING tokens in exchange for returning the funds, though it called such an outcome “unlikely”.
Following the breach, the project’s token price fell from around $0.93 to near $0.82.
Earlier in March, an unknown attacker used flash loans on the DeFi project Deus Finance DAO and earned about $3 million. The attacker also hacked the Agave and Hundred Finance protocols, with losses totaling about $11 million.