After exploit, Warp Finance compensation plan takes promising strides

Published at: Dec. 20, 2020

In a blog post on Saturday night, Warp Finance — the latest decentralized finance (DeFi) protocol to suffer a smart contract exploit — announced promising strides towards recompensating users following a nearly $8 million flash loan attack. 

As Cointelegraph reported on Friday, the DeFi protocol, which offers stablecoin loans on liquidity pool token collateral, lost $7.7 million in USDC and DAI when an attacker used multiple flash loans to create liquidity pool tokens, manipulate Warp’s price oracles, and drain Warp’s stablecoin coffers.

Following the attack, a group of whitehack hackers convened to assist the protocol in assessing the damage and creating a fix for the exploit — and, in this case, recovering a portion of the lost funds.

In a post titled, “Exploit Summary & Recovery of Funds,” the Warp team notes that they could not liquidate the attacker’s loan due to the manipulated oracle, but with the help of the whitehat team managed to reclaim the liquidity pool token loan collateral.

“The loan collateral has since been secured by the warp finance team and will allow us to return approximately 75% of users’ deposited funds, thanks to support from the Ethereum and white hat community,” said the team.

The post said that the team will disburse funds to affected users on Dec 21st, 2020, and invited users to independently confirm that the snapshot they took of addresses is correct.

The team also doubled down on a complete compensation plan, promising the distribution of IOU tokens that will have some future utility to cover the remaining 25% loss:

“While we are relieved that lost funds have been partially recovered, we see this only as a first step to making Warp Finance users whole. For this reason we will issue Portal IOU tokens to every affected user. The end goal of the IOU token is to fully refund users, and potentially even giving them a profit on what they initially deposited.”

The Warp team’s devotion to completely covering user losses is part of what may be becoming a promising trend across exploited DeFi protocols

In a previous interview with Cointelegraph, Alan, a semi-anonymous core developer for Cover — a project offering ‘cover,’ and insurance-like product for DeFi users — said that developers taking responsibility for losses will ultimately push the space forward:

“I believe protocols (and their auditors) need to start taking responsibility for the code they push out,” he said. “Whether it is through they themselves providing coverage, or reimbursing funds, this type of behavior sets a strong precedent and allows users to feel more confident in the platforms they use, which helps boost TVL, so a win-win.”
Tags
Related Posts
Transaction batching protocol Furucombo suffers $14 million “evil contract” hack
The latest “evil contract” exploit has netted an attacker over $14 million in stolen funds. Furucombo, a tool designed to help users “batch” transactions and interactions with multiple decentralized finance (DeFi) protocols at once, fell victim to the attack at roughly 4:45 pm UTC, which centered on token approvals from users. The attacker’s address currently has $14 million worth of various cryptocurrencies, but the attack appears to be larger as they have been transferring ETH to privacy mixer Tornado Cash in batches over the last hour. This attack is conceptually similar to the $20 million “evil jar” attack that struck …
Ethereum / Feb. 27, 2021
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
STEPN impersonators stealing users' seed phrases, warn security experts
Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user's dashboard where they may connect their stolen wallets to their own or "claim" a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or …
Adoption / April 25, 2022
Curve Finance exploit: Experts dissect what went wrong
Decentralized finance (DeFi) protocols continue to be targeted by hackers, with Curve Finance becoming the latest platform to be compromised after a DNS hijacking incident. The automated market maker warned users not to use the front end of its website on Aug. 9 after the incident was flagged online by a number of members of the wider cryptocurrency community. While the exact attack mechanism is still under investigation, the consensus is that attackers managed to clone the Curve Finance website and rerouted the DNS server to the fake page. Users that attempted to make use of the platform then had …
Ethereum / Aug. 10, 2022
DeFi was the most attacked ecosystem in 2022: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The DeFi ecosystem started 2023 on a bullish note, similar to the broader cryptocurrency market. However, the bullish start to the year didn’t diminish the damage caused by vulnerabilities and attacks in 2022. A new research report has highlighted that DeFi was the most vulnerable crypto ecosystem, at the receiving end of 113 exploits out of the total 167. On top of that, blockchain security experts have warned the trend could continue in 2023. …
Ethereum / Jan. 13, 2023