2 minutes reading Posted by Clément Wardzala. This article was last updated on December 28, 2020 at 4:27 PM
An individual managed to exploit a loophole in the Cover protocol smart contract, allowing him to forge 40 trillion COVER tokens. The price of the token quickly collapsed by more than 90%, dropping from $700 to $50 in just 2 hours.
A hacker exploits a loophole in the Cover protocol – he prints 40 trillion tokens and the price falls by 90%.
The Jerome Powell of crypto attacks Cover Protocol
Another blow for decentralised finance (DeFi). Cover Protocol, a peer-to-peer insurance protocol, has been exploited by a hacker. The attacker managed to find a critical loophole in the protocol’s smart contract. He thus discovered how to create COVER tokens in an unlimited way.
Like the US Federal Reserve (FED) and the dollar, the attacker printed an astronomical amount of tokens, injecting the equivalent of 40 trillion COVER tokens (exactly 40,796,131,214,802,500,000 tokens) into the markets:
Hack Cover Protocol
According to our colleagues at The Block, the attacker would have managed to sell the equivalent of 3 million dollars in COVER tokens through 6 transactions on 1inch, a decentralised exchange aggregator. The token’s liquidity was then fully absorbed, leading to a sharp fall in the token’s price, with no return of the token’s value.
In a totally unexpected move, the attacker returned the funds to Cover Protocol with the following message: „Next time, take care of your own shit“. It would appear that another protocol called Grap.Finance was behind this attack:
Hack Cover Protocol
Nevertheless, in the space of just 2 hours and 20 minutes, COVER’s price dropped by more than 93%, from $740 to $50 at its lowest point. On Binance, the COVER/BUSD pair is trading at $32 million at the time of writing.
A few hours after the attack, Binance also stopped trading and deposits of the COVER token :
COVER price evolution – Source: Trading View – COVER/BUSD
One more attack against DeFi
It should be noted that the Cover protocol has recently been absorbed by another protocol, Yearn.Finance. Banteg, one of the developers of Yearn.Finance, has thus encouraged all users of the protocol to withdraw their cash as quickly as possible, even if it is already too late.
This major attack follows those against Warp Finance ($7.7 million) and Pickle Finance ($20 million). All these attacks are the result of flaws in the protocol or in the smart contract itself.
Although these DeFi protocols are generally audited, it would appear that critical flaws still fall through the cracks, much to the delight of hackers. This kind of fortuitous event proves once again that the sector is far from being mature enough to be adopted by the masses.