The decentralized finance (DeFi) platform VEE Finance lost a total of 8804.7 ETH (around $26 million) and 213.93 BTC (around $9 million) in an attack on 21 September 2021. As a result, the platform has suspended its contracts to protect more users' assets. It has also suspended the deposit and borrow functions, according to a statement issued by the company.
According to CoinGecko, as soon as the announcement was made public, the protocol's native token, VEE, plummeted from $0.23 to below $0.09. When flaws like this are made public, the loss is not always limited to the sum originally exploited; the aftereffect on price can also substantially affect users. At the time of writing, the token is trading above $0.10.
Vee Finance has even addressed the hacker directly through their official Twitter handle.
Although the bounty offered is typically a modest percentage of the exploit's value, it lets the hacker return the funds and still earn a tidy sum without much difficulty. Post-hack bounties of this kind are becoming more widespread in the field, and it remains to be seen how effective they will be.
VEE Finance is the second DeFi project to be hacked, after Zabu Finance was hacked earlier this month and lost assets worth $3.2 million.
Main Reason for the VEE Finance Attack
According to Vee Finance, the main cause of the attack was that, when an order for leveraged trading was created, the oracle used only the price of the Pangolin pool as its price feed source. The pool price fluctuated by more than 3%, so the oracle refreshed its price, which let the attacker manipulate the Vee Finance oracle price by manipulating the price of the Pangolin pool. In addition, the price obtained from the oracle was not adjusted for decimals, so the expected slippage check before the swap did not work.
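The two weaknesses named in the statement, modelled as an added example (constructed here, not Vee Finance's contract code): a slippage check fed an expected amount that was never adjusted for token decimals, beside the adjusted form and a sanity check of the pool price against a second source. The 1e18 price scale, the token decimals, the amounts and the 300 bps tolerances are assumptions.

```python
# Added illustration (constructed; not Vee Finance's contract code).
# Amounts are integers in each token's smallest unit, as they are on-chain.
PRICE_SCALE = 10**18  # assumption: price = output tokens per input token, scaled by 1e18
BPS = 10_000


def expected_out_unscaled(amount_in, price):
    """Flawed: treats both tokens as if they had the same number of decimals."""
    return amount_in * price // PRICE_SCALE


def expected_out(amount_in, price, dec_in, dec_out):
    """Expected output in the output token's smallest unit, adjusted for decimals."""
    return amount_in * price * 10**dec_out // (PRICE_SCALE * 10**dec_in)


def slippage_ok(actual_out, expected, max_slippage_bps):
    """Pre-swap check: output may fall short of the expectation only by the tolerance."""
    return actual_out * BPS >= expected * (BPS - max_slippage_bps)


def price_within_band(pool_price, reference_price, max_dev_bps):
    """Reject a pool price that deviates too far from an independent reference feed."""
    return abs(pool_price - reference_price) * BPS <= reference_price * max_dev_bps


def demo():
    # Constructed scenario: 6-decimal input token, 18-decimal output token.
    dec_in, dec_out = 6, 18
    amount_in = 100 * 10**dec_in    # 100 input tokens
    fair_price = 2 * PRICE_SCALE    # 2 output tokens per input token
    quoted_out = 20 * 10**dec_out   # skewed pool quotes 20 tokens instead of 200

    flawed = expected_out_unscaled(amount_in, fair_price)
    fixed = expected_out(amount_in, fair_price, dec_in, dec_out)
    return {
        "flawed_expected": flawed,
        "fixed_expected": fixed,
        "flawed_check_passes": slippage_ok(quoted_out, flawed, 300),
        "fixed_check_passes": slippage_ok(quoted_out, fixed, 300),
        # A pool price 10% away from the reference is outside a 3% band.
        "pool_price_accepted": price_within_band(fair_price * 110 // 100, fair_price, 300),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the unadjusted expectation the minimum acceptable output is a dust amount, so a quote 90% below fair value still passes; the adjusted check and the reference-price band both reject it.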
What Happened to the Lost Assets
Vee has said, “The attacker has not yet transferred or processed the attacked assets any further. We maintain communication with attackers and are trying to negotiate a solution.”