- Exactly Protocol has temporarily suspended operations to conduct an ongoing investigation.
- The hacker used an exploiter contract to bridge stolen funds from Optimism to Ethereum.
The Exactly Protocol, a decentralized credit market operating on the Optimism network, has fallen victim to a significant exploit that resulted in the loss of approximately $12 million worth of ETH.
Exploit Explained
The hacker initiated the breach by deploying an exploiter contract on the Ethereum blockchain. An exploiter contract is a malicious code deployed on a blockchain designed to carry out unauthorized actions or manipulate transactions, often resulting in the theft of assets or the disruption of normal operations.
The hacker first funded the exploiter contract on the Ethereum blockchain. Once the contract was funded, the hacker directed user deposits to the Optimism network. This movement of funds to the Optimism sidechain was part of the hacker’s attempt to obfuscate the path of the stolen assets.
The hacker then proceeded to bridge the ill-gotten funds from Optimism to Ethereum. This maneuver completed a full circle, allowing the hacker to effectively siphon off a substantial amount of assets while exploiting the interplay between the two blockchain networks.
Repercussions
Following the exploit, the native governance token of the protocol, EXA, experienced a sharp decline of over 20% in value within the last 24 hours.
Responding swiftly to the breach, the Exactly Protocol team immediately ensured user safety
Conclusion
The Exactly Protocol exploit on the Optimism network is a stark reminder of the DeFi ecosystem’s evolving threats. This exploit underscores the need for DeFi platforms to prioritize security measures and invest in robust systems that can withstand sophisticated attacks.
