Midas Capital suffered a loss of $660,000 when an attacker used a flash loan exploit on the Jarvis Polygon pool. The team has released the postmortem detailing the incident.
DeFi lending and borrowing platform Midas Capital has released a postmortem on the $660,000 exploit it experienced on January 16. Midas Capital stopped borrowing on the Jarvis Polygon pool, which was the source of the exploit. The team said that recently added collateral tokens were used in one of the suspicious transactions.
After the exploit, the team released the postmortem. It added that Midas had listed the WMATIC-stMATIC Curve LP token a few days earlier. The listing had not yet been announced and had a supply limit of $250,000.
The Jarvis Network team and Midas Capital were discussing adding new collateral options and imposing a supply cap to prevent large borrowings. That wasn't enough to stop the exploit, which was of the flash loan type that has plagued the market for years.
The flash loan exploit saw the attacker inflate the price of the LP token by borrowing against it. They drained jAssets worth over $660,000. The team admitted that it had made a judgment error, thinking that the reentrancy seen in the past would not affect the original 'raw_call' function of the series.
Developers reach out to offer a bounty
The developers have made efforts to recover the money. They have reached out to the attacker in the hope that they will return it, offering a bug bounty in return. There is no update yet on whether the attacker has responded.
In the meantime, the team is considering other ways to deal with the losses. They are implementing internal procedures to prevent a recurrence of the attack. The postmortem notes that setting lending limits or having a cooldown period on newly added collateral will limit the attack surface.
The Midas Capital team claims that it will focus on due diligence when adding new collateral and will work on developing a risk assessment framework. It also plans to add more checks and balances.
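The two limits named in the postmortem can be modelled as a pre-borrow check. The Python below is an added example, not Midas Capital's code: the policy fields, the 0.5 collateral factor, the tenfold price inflation and the cap and cooldown values are constructed assumptions, chosen to show why a supply cap alone does not bound losses when the oracle price of the collateral is inflated.

```python
from dataclasses import dataclass
from typing import Optional

DAY = 86_400

@dataclass
class CollateralPolicy:
    listed_at: int                          # unix time the collateral was listed
    supply_cap_units: float                 # max tokens accepted as collateral
    collateral_factor: float                # share of collateral value that may be borrowed
    cooldown_s: int = 0                     # no borrowing against it this soon after listing
    borrow_cap_usd: Optional[float] = None  # ceiling on total debt it may back

def check_borrow(p, now, supplied_units, oracle_price, debt_usd, request_usd):
    """Return (allowed, reason) for a borrow backed by this collateral."""
    if now - p.listed_at < p.cooldown_s:
        return False, "cooldown"
    if supplied_units > p.supply_cap_units:
        return False, "supply_cap"
    new_debt = debt_usd + request_usd
    # The borrow cap is a fixed value, so it holds whatever the oracle reports.
    if p.borrow_cap_usd is not None and new_debt > p.borrow_cap_usd:
        return False, "borrow_cap"
    # Borrow power scales with the oracle price: an inflated price inflates it too.
    if new_debt > supplied_units * oracle_price * p.collateral_factor:
        return False, "insufficient_collateral"
    return True, "ok"

# Constructed scenario: collateral listed 3 days ago, supply at the cap.
LISTED = 1_700_000_000
NOW = LISTED + 3 * DAY
UNITS, FAIR_PRICE, INFLATED_PRICE = 250_000, 1.0, 10.0
REQUEST = 660_000

def run_scenario():
    cap_only = CollateralPolicy(LISTED, 250_000, 0.5)
    borrow_cap = CollateralPolicy(LISTED, 250_000, 0.5, borrow_cap_usd=100_000)
    cooldown = CollateralPolicy(LISTED, 250_000, 0.5, cooldown_s=7 * DAY)
    return {
        "cap_only_fair": check_borrow(cap_only, NOW, UNITS, FAIR_PRICE, 0, REQUEST),
        "cap_only_inflated": check_borrow(cap_only, NOW, UNITS, INFLATED_PRICE, 0, REQUEST),
        "borrow_cap_inflated": check_borrow(borrow_cap, NOW, UNITS, INFLATED_PRICE, 0, REQUEST),
        "cooldown_inflated": check_borrow(cooldown, NOW, UNITS, INFLATED_PRICE, 0, REQUEST),
    }

if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(name, result)
```

Only the supply-cap-only policy approves the request at the inflated price; the borrow cap and the cooldown each reject it without relying on the reported price.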
DeFi exploits continue to plague the market, and they haven't subsided over the past year. In 2022, losses in the crypto and DeFi market were estimated to be worth $3.9 billion, with Immunefi highlighting 168 incidents. Only $204 million was recovered, which was 5.2% of the total value.
However, white hat hackers have made significant contributions to security. They saved over $20 billion from hacks in 2022, and that could probably make up for the lost value in 2023.
BeInCrypto has reached out to the company or the person involved in the story for an official statement regarding the recent development, but has yet to hear back.