Hackers Attack Elephant Money DeFi Platform, Steal Over $11M

Elephant Money, the DeFi protocol behind the ELEPHANT token, has said hackers have stolen $11.2 million worth of Binance Coin, a report said.

The company was reportedly facing an “automated attack” on its treasury.

In a Medium post, the company founder said they’re addressing the issue in partnership with CertiK, a blockchain security company, and DeFi insurance protocol InsurAce.

“It took a significant amount of capital to bust through the system’s defenses. Over $261M in volume,” the founder said. “Every time bad actors win it hurts the entire space. There are prominent teams that were aware of weaknesses and stood by and did nothing at your expense. Even after I and other community members asked them to disclose.”

Blockchain security companies took to Twitter to talk about the attack, saying it was a “traditional price manipulation attack,” in which the attackers borrowed wrapped Binance Coin in a flash loan and traded it for thousands of ELEPHANT tokens.

The attackers reportedly minted TRUNK stablecoins, which raised the price of ELEPHANT tokens, eventually trading in both types of coins for Binance Coin and Binance’s US Dollar stablecoin.

“Since the token value after the attack is more than the cost, the attacker can get around $4 million profit in one round of the attack,” BlocSec said, noting that the attacker simply repeated this process to steal more funds.

See also: Betting Big, Hacker Risks $3M to Con DeFi Lending Protocol out of $15.6M

PYMNTS wrote that in other crypto hacking news, a hacker who gambled $3 million that a DeFi protocol was exploitable was proved right, and he was able to get away with $12.6 million in profits.

Crypto hacks are nothing new, especially DeFi hacks. But this one had some worrisome aspects, notably that it was “a real gamble” according to the report, with its failure meaning the crook would’ve lost $3 million in ether.

And there was the question of DeFi security, in which the oracle was tricked into thinking Inverse Finance’s native INV crypto was worth more than it actually was, letting the criminal take out much more loads of crypto coins.