• A decentralized credit market protocol, Optimism (OP), has been hacked for $7.2 million worth of Ethereum (ETH).
• The attack was made by exploiting Exactly (EXA), an open-source credit market project.
• EXA’s price dropped 32% in the last day as a result of news of the hack.
Exploit of Decentralized Credit Market Protocol
The security department of web3 protocol De.Fi recently discovered that bad actors have stolen about $7.2 million worth of Ethereum (ETH) from an Optimism-based (OP) decentralized credit market protocol by exploiting Exactly (EXA), an open-source credit market project.
Root Cause of Exploit
Blockchain security firm Beosin explains how the hacker found a way to bypass the protocol’s security measures: “Root cause of the Exactly Protocol exploit: the market address in DebtManager contract could be manipulated. The attacker passed in a malicious market contract address, bypassing the permit check, and executed a malicious deposit function to steal the USDC deposited by users. Finally liquidated users’ assets to make a profit.”
Protocol Paused and Investigation In Progress
Exactly stated that they have temporarily paused their protocol while this issue is being investigated, though investors will still be able to withdraw funds at present time. They are actively investigating this security issue and will provide more details when available.
Impact on EXA’s Price
News of the hack had an impact on EXA’s price as it fell sharply during the last 24 hours, trading for $4.28 at time of writing – representing a 32% decrease in value compared to yesterday’s price.
Conclusion
Bad actors were able to exploit a vulnerability within Exactly’s open-source credit market project, leading to approximately $7.2 million worth of Ethereum being stolen using Across Protocol and Optimism Bridge protocols . This resulted in EXA’s token dropping significantly in value over just 24 hours due to news surrounding this breach .