Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » News » DeFi Protocol Rodeo Finance Hacked; $1.53M of ETH Stolen

DeFi Protocol Rodeo Finance Hacked; $1.53M of ETH Stolen

by

Rodeo Finance, an Arbitrum-based DeFi protocol, has suffered another significant exploit losing $1.53 million due to a code vulnerability in its Oracle.

DeFi Protocol Rodeo Finance Hacked; $1.53M of ETH Stolen

Share this article

Rodeo Finance, a DeFi protocol residing on the Arbitrum blockchain, suffered its second significant exploit on July 11, resulting in a loss of 472 ETH, equating to approximately $888,000 million. The exploit was orchestrated through a code vulnerability within Rodeo’s Oracle.

The exploiter transferred the stolen funds from Arbitrum to Ethereum and then swapped 285 ETH for unshETH, according to data shared by PeckShield, a blockchain analytics firm. Following the swap, the exploiter deposited ETH into Eth2 staking before sending 150 ETH to Tornado Cash, a mixer service used frequently to obfuscate the transaction trail.

PeckShield later confirmed that the amount was 472 ETH, equalling $888,000, confirming a recalculation:

The exploit was performed using a strategy involving time-weighted average price (TWAP) oracle manipulation, a tool used by DeFi protocols to average out the price of an asset over a given period, thereby reducing the risk of market volatility. This method, however, has been identified as a potential vulnerability.

The exploiter started by borrowing a substantial amount of an asset, after which they manipulated the price downward, enabling them to purchase the same asset at a significantly reduced price. This allowed the exploiter to pay off the loan and gain a profit from the lower price they managed to set through their manipulations.

This latest breach has had a profound impact on Rodeo Finance, causing the total value locked (TVL) to nosedive from $20 million to less than $500.

The wallet address tied to the exploit is still in possession of over 370 ETH and has been flagged by Etherscan as connected to the Rodeo exploit.

The culprit’s flagged address: Source 

HypernativeLabs on Twitter spotted a similar hack on Rodeo Finance last week on July 5, losing around $50,000:

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.