Nereus Finance, a lending protocol on Avalanche blockchain, has experienced a fast loan exploit, leading to $371,406 stolen. 

On September 6th, blockchain security firm CeriK was the first to announce the exploit. The company claimed it had effected liquidity pools on Nereus, which have connections to automated market maker Curve Finance and decentralized exchange (DEX) Trader Joe.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe – We publish new crypto explainer videos every week!

On the following day, September 7th, Nereus Finance shared its take on the exploit. 

Under the segment called “So what happened?”, the company noted:

An exploiter was able to deploy a custom smart contract and that leveraged a $51M flash loan to manipulate the AVAX/USDC Trader Joe LP pool price for a single block resulting in the ability for the exploiter to mint 998,000 NXUSD against ~$508k worth of collateral.”

Moreover, the company highlighted that hacker created around $500,000 NXUSD bad debt in the NXUSD protocol. Nereus Finance claims they have paid off the bad debt using their team’s treasury. 

The company noted that the exploit happened due to a “missed step in the price calculation.”

On the other hand, on September 8th, the decentralized finance (DeFi) protocol, New Free DAO, faced multiple flash loan attacks. It is estimated that the company lost $1.24 million. 

The announcement about the exploit has been shared on Twitter by the blockchain security firm CeriK.

Based on the reports, the hacker used the “addMember()” function to add themselves as a member to an unconfirmed contract. Afterward, the hacker carried out three flash loan attacks. 

It seems that the hacker used an attack contract to borrow Wrapped BNB (WBNB) and exchanged it for New Free DAO’s NFD tokens through flash loans. 

The blockchain security firm claims that the attacker may be tied to Neorder attack, which faced the theft of 930 BNB tokens back in May. 

by Aaron S. – Expert Reviewer, BitDegree