Price manipulation of LP tokens ejected OShare tokens from protocol

Flash loan attack on One Ring protocol nets crypto-thief $1.4 million

Attackers have stolen $1.4 million from the One Ring protocol via a flash loan attack, blockchain platform One Ring Finance has revealed.

Losses from the attack, which unfolded on Monday (March 21), totaled $2 million after swap and flash loan fees, said One Ring, a ‘multi-chain cross-stable yield optimizer platform’.

The hacker borrowed $80 million in USDC with Solidly flash loans to raise the price of the underlying LP tokens in the block span, according to a One Ring post-mortem published on Tuesday (March 22).

“This changed OShare’s price and drove a large amount of OShare tokens out of the protocol.”

The attack did not affect OneRing (RING) tokens, liquidity pools, or “farming opportunities in the Fantom space”, said One Ring.

Track the attack

The so-far unknown hacker, who made off with more than $1.4 million in USDC stablecoin, configured the contract used for the exploit “to self-destruct at a specific block, making it almost impossible to track what specific functions from our contracts were called in order to steal the funds”.

“We are already working with node providers in order to get the information of the block where the contract was deployed,” added One Ring. “We believe we can find the bytecode, decompile it and at least have a brief idea on how this contract was structured.”

YOU MIGHT ALSO LIKE Sophos fixes SQL injection vulnerability in UTM appliance

The hacker’s Ethereum wallet was funded by Tornado Cash and the stolen funds were turned into the same tumbling protocol, which obfuscates transaction history.

This made “it almost impossible to track” the source of the attacker’s funding or warn other platforms of the attacker’s activities”.

‘Clean all our code’

One Ring said it was nevertheless working to identify the attacker, as well as restart its vault, redeploy smart contracts, compensate victims, and remedy vulnerabilities exploited by the hacker.

“We have been collaborating with many qualified developers and protocols in order to clean all our code,” it said. “This was completely unexpected, even for some senior developers that reviewed our code before.”

Catch up on the latest cybercrime news and analysis

One Ring has also extended a “longshot” offer to the hacker of 15% of the stolen funds and one million RING tokens as a bounty for returning the funds.

Blockchain security company CertiK said on Tuesday it is currently auditing another One Ring contract and has discovered vulnerabilities that may lead to further flash loan attacks.

“This is why CertiK highly recommends and stresses the importance of getting an audit before deployment of a contract,” said CertiK CEO and co-founder Ronghui Gu.

RELATED Couple charged with laundering proceeds from $4.5bn Bitfinex cryptocurrency hack