Cheese Bank’s multi-million-dollar hack explained by security firm

Published at: Nov. 16, 2020

An Ethereum-based decentralized finance platform known as Cheese Bank recently suffered a $3.3 million loss, the product of a hack in early November. The thieves exploited a somewhat newly found weakness in the DeFi sector that harnesses flash loans. The Cheese Bank thieves stole the cheddar via dollar-pegged stablecoins USD Coin (USDC), Tether (USDT) and Dai. A number of other platforms have also suffered similar fates in recent days.

“In the string of attacks, we have seen malicious actors use flash loans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens so they can artificially manipulate the price of a specific token on a single exchange (e.g., Uniswap, Curve),” blockchain security firm PeckShield said in a blog post on Monday after citing Value DeFi and Akropolis as two other recent similar DeFi hacks. 

“This sequence is essentially the foot in the door, allowing the attacker to then exploit that exchange’s anomalous pricing.”

Value DeFi suffered a hack similar to Cheese Bank’s a few days ago. A sly character pilfered $6 million from the blockchain-based protocol, also harnessing USDC, USDT and Dai in conjunction with the effort.

Flash loans, a function of the DeFi ecosystem, seem to offer a hole of sorts through which funds can be stolen. Malicious parties also recently hacked Akropolis in another similar incident.

Referring to the Cheese Bank hack in early November, the PeckShield post detailed: “This particular hack drains $3.3 million of USDC/USDT/DAI from Cheese Bank by exploiting a bug in its way to measure asset price from an AMM-based oracle.” The nefarious parties stole the funds on Nov. 6.
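The weakness PeckShield describes, reading an asset's price from a single AMM pool at the moment of the call, can be shown with a small simulation. This is an added example, not Cheese Bank's or PeckShield's code: the constant-product pool model, the 0.3% fee, the reserve sizes and the 5% deviation bound are all assumptions chosen for illustration. It compares the pool's spot price after one oversized swap with a time-weighted average over the preceding 30 minutes, and flags the read when the two diverge.

```python
from dataclasses import dataclass

FEE = 0.003  # assumption: 0.3% swap fee, as in a Uniswap v2-style pool

@dataclass
class Pool:
    """Constant-product AMM pool (token * stable = k). Reserves are constructed."""
    token: float
    stable: float
    cumulative: float = 0.0  # running sum of spot price * seconds elapsed
    last_ts: int = 0

    def spot(self) -> float:
        return self.stable / self.token

    def tick(self, now: int) -> None:
        # Credit the price that held since the last update, before any trade.
        self.cumulative += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def swap_stable_in(self, amount: float, now: int) -> float:
        self.tick(now)
        k = self.token * self.stable
        out = self.token - k / (self.stable + amount * (1 - FEE))
        self.token -= out
        self.stable += amount
        return out

def twap(pool: Pool, start_cumulative: float, start_ts: int, now: int) -> float:
    pool.tick(now)
    return (pool.cumulative - start_cumulative) / (now - start_ts)

def check_price(spot: float, reference: float, max_dev: float = 0.05):
    """Return (price_to_use, suspicious): value assets at the reference price
    and flag the read when spot has moved more than max_dev away from it."""
    return reference, abs(spot - reference) / reference > max_dev

def demo():
    pool = Pool(token=1_000_000.0, stable=1_000_000.0)  # constructed reserves
    start_cum, start_ts = pool.cumulative, pool.last_ts
    # 30 quiet minutes: spot and the time-weighted average agree.
    calm = check_price(pool.spot(), twap(pool, start_cum, start_ts, 1800))
    # One oversized swap, then a price read at the same timestamp.
    pool.swap_stable_in(4_000_000.0, now=1800)
    skewed_spot = pool.spot()
    guarded = check_price(skewed_spot, twap(pool, start_cum, start_ts, 1800))
    return calm, skewed_spot, guarded
```

A lending protocol that valued collateral at `skewed_spot` would overstate it roughly 25-fold in this constructed case, while the time-weighted reference is unchanged because a same-timestamp trade contributes zero seconds to the average.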

The decentralized finance niche of the crypto sector has exploded in 2020, representing the latest intra-sector bubble, with Uniswap serving as a popular DeFi exchange. The sector cooled for a period amid Bitcoin’s soaring price, although DeFi hype appears to be picking up once again.
