An Oracle attack was reported on three of the lending pools on Solend Lending Protocol. The incurred debt from this hacking attack was $1.26 million.
Attackers Manipulate Oracle Price Data
The lending protocol, Solend, operates a decentralized lending network that allows investors and users to borrow and lend on the platform. When users complete operations on this lending pool, they are incentivized with interest on crypto assets.
On Wednesday, a hack attempt on the Solend lending platform resulted in a $1.26 million debt. According to the security firm Peckshield, this incident was caused by an Oracle attack.
An Oracle attack is one that exploits a system flaw and uses a specific padding validation to decrypt cryptographic messages and ciphertext.
Solend addressed this situation and emphasized on the gravity of this attack. This attack affected three loan pools on the network, which held stablecoins, Coin 98 tokens, and Kamino tokens. This information was revealed in a tweet, which stated that the attack on USDH affected stablecoins and other tokens as well, totaling $1.26 million in assets carted away.
To contain the problem, drastic actions were taken, including the freezing of all three lending pools. The unaffected pools, on the other hand, are still operational.
An Identified Hacking Strategy
Solend’s investigation reveals the means by which the hacker was able to penetrate the security. The hacker exploited a weakness in the platform’s price data oracle. This Price data oracle is a system that tracks the current prices of all crypto assets on the platform.
This method has been used before, and attackers saw it as the greatest way to steal funds. They exploit Oracle’s price data weaknesses, increasing the value of crypto assets and manipulating the system by borrowing crypto assets during the short window of price inflation with no intention of repaying.
This fraud and manipulation, on the other hand, results in a debt that can never be repaid, putting the platform in serious debt. Many hackers have utilised this strategy in the past to steal assets from crypto lending platforms.