The irony is palpable in the cryptocurrency world as the Exactly Protocol, based on Optimism, has become the victim of a recent exploit resulting in a staggering $7.3M loss. Taking an all-hands-on-deck approach to recovering the lost funds, the DeFi protocol is offering an attractive bounty of $700,000 for any information that could lead to the capture of the perpetrator.
According to the Exactly Protocol team, the loophole that the hacker exploited was in the DebtManager periphery contract. The existing security measures failed to prevent the attacker from slipping through by deploying a malicious market contract address. This move allowed the attacker to bypass the permit check and run a malicious deposit operation. Consequently, victims' deposited USDC was stolen, and their assets were liquidated for the hacker's gain.
In the aftermath of the hack, the Exactly Protocol acted quickly, proposing a fix the very next day. The solution was subsequently approved and activated by the governance multisig. News of this swift response was shared on the social media platform X. As an additional measure, the team tried to initiate talks with the hacker, offering a dialogue to discuss potential remedial steps.
Regrettably, the black-hat hacker opted not to reply. This nonchalance dampens the chances of an amicable resolution to the breach, and propels Exactly Protocol to go on the offensive. They have, therefore, listed a considerable bounty for leads that could deliver the hacker into the hands of the law and retrieve the stolen funds.
Alongside this, Exactly Protocol has allied with the on-chain analytics firm Chainalysis in an effort to track the funds stolen in the exploit.
Instances such as this and the earlier $7 million theft suffered by Hundred Finance, another lending and borrowing DeFi protocol, heighten the cry for more robust regulation of the industry. These are disconcerting reminders of the security flaws which make bridge exploits in the DeFi ecosystem all too frequent. Notably, this exposes the uncomfortable dichotomy between the prized autonomy of blockchain and the consequent responsibility to ensure users' safety in an environment known for its financial volatility.
Source: Cryptonews