Join the hunt for $12,000,000+ in NEXO Tokens!

Learn More

Voltage Finance Suffers $4 Million Stablecoin Theft

Various stablecoins and wrapped tokens were stolen from the DeFi platform today.

Voltage Finance Suffers $4 Million Stablecoin Theft
Shutterstock cover by silvae

Key Takeaways

  • Voltage Finance was the target of an attack today that resulted in more than $4 million stolen from the platform.
  • According to one security firm, a reentrancy bug allowed attackers to drain the DeFi platform's lending pool.
  • Similar attacks were carried out against Hundred Finance and Agave earlier this month, resulting in $11 million stolen.

Share this article

Voltage Finance has suffered a reentrancy attack leading to the theft of $4 million in stablecoins and cryptocurrencies.

$4 Million Have Been Stolen

Another DeFi exploit has resulted in millions lost.

Voltage Finance announced the theft on Twitter on Mar. 31. “We became aware of a breach on the [Voltage Finance] lending platform… leading to the theft of [$4 million],” it wrote.

Various stablecoins were stolen, including USDCoin (USDC) and Binance USD (BUSD). Wrapped Bitcoin and Ethereum tokens (WBTC and WETH) were also stolen. Fuse Dollar (FUSD) and its non-stablecoin counterpart FUSE were stolen as well.

Voltage assured users that all funds within its custody are safe, including staked tokens and tokens in liquidity pools. It added that its contracts have been subject to various audits.

The attacker’s address has been flagged on Etherscan, and Voltage has called on the exchanges CEX and Circle to block transactions from that address. Voltage is now attempting to contact the attacker and negotiate a bounty for the return of funds.

The platform added that it is working with its lending-as-a-service partner Ola Finance to investigate the issue.

Official Report Still Pending

Ola Network said that it will soon publish an official report that details the exploit. In the meantime, it has endorsed a third-party report from the blockchain security firm PeckShield.

Peckshield has stated that the hack was due to a reentrancy bug that allowed hackers to drain the lending pool. This vulnerability arose from an issue between ERC-677/777 tokens (the basis of most of the affected stablecoins) and forks of the Compound Network (something that Ola Network allows developers to create).

Related attacks occurred on Hundred Finance (a fork of Compound Finance) and Agave (a fork of Aave) around Mar. 15. About $11 million in total was stolen during those attacks.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.

Share this article