{"id":13925,"date":"2022-09-10T17:07:20","date_gmt":"2022-09-10T17:07:20","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/371k-in-usdc-stolen-in-an-avalanche-flash-loan-exploit\/"},"modified":"2022-09-10T17:07:20","modified_gmt":"2022-09-10T17:07:20","slug":"371k-in-usdc-stolen-in-an-avalanche-flash-loan-exploit","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/371k-in-usdc-stolen-in-an-avalanche-flash-loan-exploit\/","title":{"rendered":"$371K in USDC stolen in an Avalanche flash loan exploit"},"content":{"rendered":"<p><b>(Originally posted on: CoinJournal: Latest Bitcoin, Ethereum &amp; Crypto News)<\/b><br \/>\n<\/p>\n<div>\n<p>Avalanche-based lending protocol Nereus Finance was hacked and $371K in USD Coin (USDC) was stolen. The hacker deployed a custom smart contract taking advantage of a $51 million flash loan from Aave.<\/p>\n<p>CertiK, a blockchain cybersecurity firm, was among the first to detect the hack on September 6. CertiK at the time said that the exploit impacted liquidity pools relating to decentralized exchange Trader Joe and automated market maker Curve Finance on Nereus.<\/p>\n<p>But Curve Finance responded on September 7, arguing that CertiK may have been referring to \u2018assets impacted\u2019 rather than protocols impacted, since only Nereus Finance and its assets seemed affected by the exploit.<\/p>\n<h2>Post-mortem of the exploit<\/h2>\n<p>On September 7, Nereus Finance released a comprehensive <a href=\"https:\/\/medium.com\/nereus-protocol\/post-mortem-flash-loan-exploit-in-single-nxusd-market-343fa32f0c6\">post-mortem of the exploit<\/a> saying that the hacker was able to deploy a custom smart contract using a $51 million flash loan from Aave to manipulate the price of the AVAX\/USDC Trader Joe LP pool for a single block.<\/p>\n<p>Consequently, the hacker was able to mint 998,000 NXUSD, Nereus\u2019 native token, using collateral worth $508,000.
The hacker then swapped the minted NXUSD into different assets through several liquidity pools and managed to walk away with a net profit of $371,406 after the flash loan was returned.<\/p>\n<p>While the hacker made a profit, the exploit created $508,000 worth of NXUSD \u2018bad debt.\u2019<\/p>\n<p>Nereus, however, moved quickly to contain the situation by developing a mitigation plan, notifying law enforcement, and then liquidating and pausing the exploited JLP pool. The NXUSD bad debt was paid off using the protocol\u2019s treasury.<\/p>\n<p>Nereus also noted that a similar exploit will not be possible in the future since the protocol will amend its audit and security practices. Nereus noted:<\/p>\n<p><em>\u201cWhile this exploit is a bad incident \u2014 it\u2019s not uncommon for protocols to face these types of battle tests.\u201d<\/em><\/p>\n<p>As of the time of writing, the Nereus team was still trying to identify the hacker by tracking the funds. It has offered a 20% White Hat reward for the return of the funds with no questions asked.<\/p>\n<\/div>\n<p><a href=\"https:\/\/coinjournal.net\/news\/371k-in-usdc-stolen-in-an-avalanche-flash-loan-exploit\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on: CoinJournal: Latest Bitcoin, Ethereum &amp; Crypto News) Avalanche-based lending protocol Nereus Finance was hacked and $371K in USD Coin (USDC) was stolen. The hacker deployed a custom smart contract taking advantage of a $51 million flash loan from Aave.
CertiK, a blockchain cybersecurity firm, was among the first to detect [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":13926,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/13925"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=13925"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/13925\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/13926"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=13925"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=13925"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=13925"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}