{"id":27221,"date":"2024-03-06T11:40:53","date_gmt":"2024-03-06T11:40:53","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/woofi-confirms-8-75-million-exploit-on-its-arbitrum-market\/"},"modified":"2024-03-06T11:40:53","modified_gmt":"2024-03-06T11:40:53","slug":"woofi-confirms-8-75-million-exploit-on-its-arbitrum-market","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/woofi-confirms-8-75-million-exploit-on-its-arbitrum-market\/","title":{"rendered":"WOOFi confirms $8.75 million exploit on its Arbitrum market"},"content":{"rendered":"<p><b>(Originally posted on : CoinJournal: Latest Bitcoin, Ethereum &amp; Crypto News )<\/b><br \/>\n<\/p>\n<div>\n<div class=\"post-article-image  -mt-24  mb-8  lg:-mt-32  rounded  overflow-hidden\">\n<picture><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/03\/hacker-dark-room-smartcrop-750x375.webp\" type=\"image\/webp\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/03\/hacker-dark-room-smartcrop-363x181.webp\" type=\"image\/webp\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/03\/hacker-dark-room-smartcrop-750x375.jpg\" type=\"image\/jpeg\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/03\/hacker-dark-room-smartcrop-363x181.jpg\" type=\"image\/jpeg\"\/>\n<\/picture>                    <\/div>\n<ul>\n<li><span style=\"font-weight: 400\">WOOFi has released a post-mortem report confirming an $8.75 million exploit on its lending market on Arbitrum.<\/span><\/li>\n<li><span style=\"font-weight: 400\">The decentralized exchange has offered a 10% whitehat bounty to the attacker.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">Decentralized exchange WOOFi suffered an $8.75 million exploit that targeted its lending market on Arbitrum, according to a report the platform released on Wednesday.<\/span><\/p>\n<p><span style=\"font-weight: 400\">In a <a href=\"https:\/\/woo.org\/blog\/en\/woofi-spmm-exploit-post-mortem\" target=\"_blank\" rel=\"noopener\">post-mortem report<\/a>, the WOOFi team noted that the attacker manipulated its Synthetic Proactive Market Making (sPMM) algorithm.<\/span><\/p>\n<p><span style=\"font-weight: 400\">After pausing the manipulated contracts, an investigation into the attack revealed the hacker carried out a series of flash loan attacks, starting at around 15:49 UTC on March 5.<\/span><\/p>\n<p><span style=\"font-weight: 400\">\u201cThe exploit consisted of a sequence of flash loans that took advantage of low liquidity to manipulate the price of WOO in order to repay the flash loans at a cheaper price,\u201d the team noted.<\/span><\/p>\n<p><span style=\"font-weight: 400\">During the attack, the exploiter borrowed approximately 7.7 million <a href=\"https:\/\/coinjournal.net\/woo-network\/\">WOO tokens<\/a> as well as other cryptocurrencies. They then sold these tokens into WOOFi, causing the sPMM to incorrectly adjust WOO token\u2019s price to near zero.<\/span><\/p>\n<p><span style=\"font-weight: 400\">With the anomalous pricing in place, the attacker proceeded to quickly swap out 10 million WOO three times.<\/span><\/p>\n<p><span style=\"font-weight: 400\">While various blockchain security platforms, including PeckShield, Chainalysis, Hypernative, and Wintermute swiftly picked up the exploit, the attacker had already made off with $8.75 million in profits.<\/span><\/p>\n<h2><span style=\"font-weight: 400\">WOOFi offers 10% whitehat bounty<\/span><\/h2>\n<p><span style=\"font-weight: 400\">WOOFi is offering an 10% whitehat bounty to the attacker as efforts to recover the funds continue. The platform has also initiated bounty on Arkham Intelligence. <\/span><\/p>\n<p><span style=\"font-weight: 400\">Meanwhile, the exchange says its WOOFi Pro, Stake, and Earn services were not affected and remain \u201cfully operational.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400\">The WOOFi team posted on X:<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">3\/ We have already initiated efforts to retrieve these funds, with a 10% whitehat bounty extended to the exploiter. Additionally, a bounty has been placed on <a href=\"https:\/\/twitter.com\/ArkhamIntel?ref_src=twsrc%5Etfw\">@ArkhamIntel<\/a> for anyone who can provide additional information.<a href=\"https:\/\/t.co\/oSG0CQa4oP\">https:\/\/t.co\/oSG0CQa4oP<\/a><\/p>\n<p>\u2014 WOOFi (@_WOOFi) <a href=\"https:\/\/twitter.com\/_WOOFi\/status\/1765150691331281219?ref_src=twsrc%5Etfw\">March 5, 2024<\/a><\/p>\n<\/blockquote>\n<p>\u00a0<\/p>\n<p><span style=\"font-weight: 400\">WOO price fell sharply after the attack, from around $0.59 to lows of $0.48. The token\u2019s value changed hands at $0.52 at the time of writing.<\/span><\/p>\n<div class=\"post-meta\">\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Share this article<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Categories<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Tags<\/h6>\n<\/p><\/div>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><a href=\"https:\/\/coinjournal.net\/news\/woofi-confirms-8-75-million-exploit-on-its-arbitrum-market\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : CoinJournal: Latest Bitcoin, Ethereum &amp; Crypto News ) WOOFi has released a post-mortem report confirming an $8.75 million exploit on its lending market on Arbitrum. The decentralized exchange has offered a 10% whitehat bounty to the attacker. Decentralized exchange WOOFi suffered an $8.75 million exploit that targeted its lending market on [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":27222,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/27221"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=27221"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/27221\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/27222"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=27221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=27221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=27221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}