- Aave’s Earning Farm protocol suffered a “reentrancy attack”, resulting in the theft of approximately $287,000 worth of Ether.
- The reentrancy attack resembles an ATM tricking tactic wherein hackers trick an ATM into repeatedly dispensing cash without realizing it has depleted the account balance.
- The Earning Farm protocol had previously undergone an audit by security firm SlowMist to enhance its robustness against potential threats.
Aave’s Earning Farm Protocol Suffers Reentrancy Attack
On Aug 9, Aave’s Earning Farm protocol, a platform catering to Ether, wrapped Bitcoin (wBTC) and USD Coin (USDC) holders, fell victim to a “reentrancy attack,” resulting in the theft of approximately $287,000 worth of Ether. Blockchain security firm PeckShield brought the issue to light days after Curve Finance, another DeFi platform, lost more than $70 million in a similar hacking incident.
Exploiting Function Calls for Unauthorized Advantage
The reentrancy attack executed on Aave’s Earning Farm protocol resembles an ATM tricking tactic, wherein hackers trick an ATM into repeatedly dispensing cash without realizing it has depleted the account balance. In the digital realm, hackers use this method to trick systems into granting them more resources than they are entitled to, gaining access beyond what is rightfully permitted. The manipulation is carried out by rapidly invoking functions that interact with contracts, exploiting the time lag between function calls to gain unauthorized advantages.
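The ATM analogy above, as an added Python model (not code from the article or from the Earning Farm contracts): a vault that pays out before clearing the balance keeps paying a recipient that calls back in, while clearing the balance first and holding a reentrancy lock limits the payout to what is owed. The `Vault` class, account names and amounts are constructed for illustration.

```python
class Vault:
    """Constructed model: pooled reserves plus per-account balances."""

    def __init__(self):
        self.balances = {"caller": 10, "others": 90}
        self.reserves = 100
        self.locked = False

    def _send(self, amount, on_receive):
        if amount > self.reserves:
            raise RuntimeError("insufficient reserves")
        self.reserves -= amount
        on_receive(amount)  # external call: the recipient's code runs here

    def withdraw_vulnerable(self, who, on_receive):
        amount = self.balances[who]
        if amount:
            self._send(amount, on_receive)  # interaction first...
            self.balances[who] = 0          # ...balance cleared too late

    def withdraw_hardened(self, who, on_receive):
        if self.locked:                     # reentrancy guard
            raise RuntimeError("reentrant call rejected")
        self.locked = True
        try:
            amount = self.balances[who]
            self.balances[who] = 0          # effect before interaction
            if amount:
                self._send(amount, on_receive)
        finally:
            self.locked = False


def simulate(method_name, reentries=3):
    """Return (amount paid to caller, reserves left) for one withdrawal."""
    vault, paid = Vault(), []
    withdraw = getattr(vault, method_name)

    def on_receive(amount):
        paid.append(amount)
        if len(paid) <= reentries:          # call back in before returning
            try:
                withdraw("caller", on_receive)
            except RuntimeError:
                pass                        # guard refused the nested call

    withdraw("caller", on_receive)
    return sum(paid), vault.reserves


if __name__ == "__main__":
    print("vulnerable:", simulate("withdraw_vulnerable"))
    print("hardened:  ", simulate("withdraw_hardened"))
```

In the vulnerable ordering the caller's recorded balance is still 10 on every nested call, so the pool funds each extra payout; in the hardened ordering the nested call is refused and the other depositors' 90 stays intact.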
Previous Challenges and Auditing Efforts
Regrettably, this is not the first instance of Aave’s Earning Farm protocol facing adversity. In October 2022, the protocol encountered two malicious hacks. These attacks targeted its EFLeverVault using flash loan techniques, leading to the loss of 750 ETH from the platform. These tactics allow hackers to borrow substantial sums of cryptocurrency within a single transaction, manipulate its value through a sequence of transactions, and subsequently repay the loan in one fell swoop. The vulnerabilities exploited during these attacks capitalize on temporary imbalances and price inconsistencies, enabling hackers to reap illicit profits. The Earning Farm protocol had previously undergone an audit by security firm SlowMist, aiming to enhance its robustness against potential threats. Nevertheless, the recent reentrancy attack has underscored the ever-evolving nature of the cybersecurity challenges faced by DeFi platforms today.