Breaking: Hackers Exploit WOOFi Swap Algorithm, Manipulate WOO Token Value
Hackers exploited the sPMM algorithm, the core of the WOOFi Swap price mechanism on the Arbitrum network on March 5th, causing a severe manipulation of the WOO token value. The attackers used a smart pattern of flash loans to drive the token value almost to zero. However, the WOOFi team took swift action within 13 minutes to prevent the stolen amount from increasing beyond $8.5 million.
– Hackers targeted the sPMM algorithm on the Arbitrum network
– Manipulated the value of the WOO token using flash loans
– Team’s quick response limited the stolen amount to $8.5 million
Hackers’ Tactics in Attacking the Pool
The post-mortem report released by the WOOFi team revealed the tactics used by the hackers in the attack. The exploiter borrowed 7.7 million WOO tokens and other assets to sell the WOO tokens on the platform, causing the sPMM to incorrectly adjust the token’s price drastically, almost to zero. The exploiter then swapped 10 million WOO tokens in the same transaction at minimal cost, repeating this attack three times to generate profits of around $8.75 million after returning the flash loans.
– Exploiter borrowed 7.7 million WOO tokens and other assets
– Sold the WOO tokens on WOOFi causing a drastic price adjustment
– Profited around $8.75 million after repeating the attack multiple times
WooFi Faces First Breach Since Its Release
Despite being relatively problem-free since its launch in 2021, WOOFi experienced its first breach in the recent attack. The integration of lending markets for WOO tokens on Arbitrum, combined with low liquidity levels elsewhere, created an opportunity for hackers. While WOOFiSwap was deployed across multiple networks, the absence of the WOO token and lending market on other chains acted as a deterrent to replicating the exploits.
– WOOFi faced its first breach since its launch in 2021
– Integration of lending markets on Arbitrum provided an opportunity for hackers
– Absence of WOO token on other chains hindered exploit reproduction
Conclusion:
The WOOFi team is currently focused on recovering the lost funds, offering a generous 10% white hat bounty and reaching out to the hacker for negotiation. Additionally, a bounty has been placed on Arkham Intelligence for anyone providing valuable information that leads to the identification of the hackers. Stay updated as the investigation progresses for more details!
**Stay Informed, Stay Secure** 🛡️.
By
By
By