DeFi Attack

Some of the strongest Decentralised Finance use cases to date are borrowing and lending protocols. The transition to a fully-mature economy that includes lending will place blockchain-based finance center-stage, bringing many new investors — and borrowers — to the DeFi space.

With the much lower interest rates compared with traditional borrowing services, alongside other qualities such as speed and transparency, it is no wonder why the DeFi market is expected by many to be the future of finance.

However, these new products and services are not without risk.

DeFi protocol xToken announced it suffered an exploit, through which $24.5 million in SNX and BNT tokens were drained by an attacker using flash loans. Flash loans are a new type of near-instant, un-collateralised lending made possible with blockchain technology. While these loans have gained popularity, they also have made multiple recent headlines for the wrong reasons, as they are being used to exploit several vulnerable DeFi protocols.

Flash loan attacks are where a cyber-thief takes out a flash loan from a lending protocol and uses it alongside various types of gimmickry to manipulate the market in their favour. They can be used to get access to large amounts of funds at a cheap rate because the crypto is repaid instantly.

In this case, the malicious actor found a weakness in the smart contract, which gave them the ability to sell wrongly minted tokens. Many of the smart contracts that govern the loans in DeFi rely on price oracles to input the value of the assets at any given time. There is no guarantee that these are accurate, which means users could lose millions.

Users could lose millions to malicious actors.

Currently, due to the fact that the smart contracts are immutable in nature, if the oracles push inaccurate data to the contract, the contract will result in a incorrect execution and end up favouring some malicious actor, and there is nothing to undo this procedure in the market.

These type of attacks don’t just result in stolen funds, they can severely damage a projects reputation and resources, as shown by xToken’s TVL dropping by roughly 30% to $63M.

Michael J Cohen, xToken’s founder observed, “DEFI CAN BE BRUTAL AND WE IMAGINE IT’LL TAKE US SOME TIME TO REGAIN THE TRUST OF OUR STAKEHOLDERS. HOWEVER, WE FULLY INTEND TO PUT IN THE WORK AND WE HOPE WE CAN REGAIN YOUR TRUST OVER TIME”.

ASTRA would prevent malicious actors from using flash loans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens. ASTRA ensures that any disagreements can be resolved and that the borrower and lender are never out of pocket.

If a transaction results in one party being unhappy with the outcome, it will be reviewed by multiple independent experts, with the majority decision determining the outcome. The decision and funds are then passed back to the relevant parties.

The ability to exploit smart contract weaknesses as well as other malicious methods of obtaining funds would be removed from the DeFi market with ASTRA.