$7 800 000 USD





"Warp Finance is an open finance platform that aims to extend the capabilities of liquidity provision, enabling new streams of yield." "The Warp Protocol’s primary objective is to create a novel use case for unused Liquidity Provider (LP) tokens by allowing them to be used as collateral for lending. Users will be able to deposit LP tokens onto the Warp platform and receive stablecoin loans in exchange, while their LP tokens continue to earn from Uniswap’s rewards." "The project was launched in October 2020."


“We are investigating suspicious loans made in the last hour and recommend not depositing stablecoins into the account until we have clarified all the details.” "Someone used multiple transactions within the flash loan scheme to drain USDC and DAI vaults of the protocol."


"The hacker utilized a complex scheme to retrieve a value much higher than the collateral limit, making the lender lose money." "On December 17th, 2020 the Warp Finance protocol experienced a flash loan exploit due to a gameable oracle that resulted in the user being able to withdraw a $7.76m loan. Due to the nature of the exploit, the collateral value is worth less than the loan, which is why a standard liquidation was unable to take place. The loan collateral has since been secured by the warp finance team and will allow us to return approximately 75% of users’ deposited funds, thanks to support from the Ethereum and white hat community."


"Using this technique, the attacker was able to remove $7.8m of DAI, aided by the fact that Warp.finance relied on vulnerable Uniswap LP token prices. This allowed them to borrow more than their collateral, and resulted in a loss of stablecoin lender funds."


"According to popular crypto-twitter blogger Nick Chong, the attacker got only $1 million in ETH. The rest had to be spent on commissions."


"Warp said it was able to recover the liquidity provider tokens that represented the collateral for $5.85 million. “We successfully recovered the exploiter’s loan collateral in the form of ETH/DAI-LP tokens. The value is approximately $5.85m, which is ~75% of the $7.76m lost funds,” it said in a statement."


"The project said it would distribute the recovered funds to affected users in the next 24 hours. The amount would be proportional to 75% of the liquidity token amount deposited by users, as the $7.7 million in stablecoins (held by the hacker) have still not been recovered."


"At 0230 UTC on December 22nd, 2020 [Cover Protocol] successfully dispersed ETH/DAI-LP tokens to users worth $5.688m representing approximately 73% of funds."


"It’s our commitment to ensure the longevity of the Warp Finance protocol through initially reimbursing the recovered collateral and then making efforts to compensate and incentivize user’s involvement in Warp Finance’s vision."

Warp Finance offered a lending platform where you can stake your liquidity provider tokens and earn interest.


Of course, you have to put your tokens into a smart contract. A hacker decided that they wanted the coins in the smart contract.


The exploit was highly inefficient and required some collateral which offset the losses, however the hacker still profited millions which was not returns to affected users.


Always be careful with where funds are stored. Smart contracts are not provably secure. The best security for the storage of cryptoassets is an offline multi-signature wallet.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.