Cryptocurrency borrowing and lending service Akropolis says a hacker used a “flash loan” attack against its platform and stole roughly $2 million worth of Dai cryptocurrency.
The attack took place yesterday afternoon (GMT timezone), and Akropolis admins paused all transactions on the platform to prevent further losses.
Akropolis says that while it hired two firms to investigate the incident, neither company was able to pinpoint the attack vectors used in the exploit.
Nonetheless, the intrusion was identified as a “flash loan” attack.
Flash loan attacks have become common against cryptocurrency services running DeFi (decentralized finance) platforms that allow users to borrow or loan using cryptocurrency, speculate on price variations, and earn interest on cryptocurrency savings-like accounts.
Flash loan attacks take place when hackers loan funds from a DeFi platform (like Akropolis) but then use exploits in the platform code to escape the loan mechanism and get away with the funds.
These attacks have been growing in numbers since early February this year, and one of the biggest flash loan attacks took place last month, in October, when hackers stole $24 million worth of cryptocurrency assets from DeFi service Harvest Finance.
The good news is that Akropolis says it has already identified the attacker’s Ethereum account, which would allow it to track funds as they move around the blockchain.
The DeFi platform says it already notified major cryptocurrency exchanges about the hack and the attacker’s wallet in an attempt to have funds frozen and prevent the attacker from laundering funds into other forms of cryptocurrencies, lose the investigators’ tracks, and cash out the funds.
Akropolis said it is currently exploring ways to reimburse users for the loss.