A governance takeover combined with oracle manipulation has drained all funds from Fortress Protocol, an algorithmic money market and DeFi lending protocol. Since then, the stolen coins have been moved from Binance Smart Chain to Ethereum and mixed.
CertiK, a blockchain security company, informed CryptoPotato of the attack on Monday. The hacker started by buying a large amount of FTS, the governance token that controls the Fortress protocol, with ETH.
Passing a proposal on the Fortress Loans governance contract requires a quorum of 400,000 FTS. At the time of the breach that was worth only about $18,000, and it was fewer tokens than the attacker now held. In other words, he could pass any protocol change he wanted on his own.
He therefore passed Proposal ID 11, which raised the collateral factor for FTS in the loan contracts from 0 to 700,000,000,000,000,000 (0.7, i.e. 70%, in the 18-decimal fixed-point representation these Compound-style markets use). He also modified the loan contract's price oracle, which then accepted price updates from an address with zero voting power.
“With these updates, the value of the attacker’s collateral (FTS) was raised significantly, so the attacker was able to borrow large amounts of other tokens from the loan contracts,” revealed CertiK on Twitter.
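The two levers described above, an absolute quorum that is cheaper than the protocol's deposits and an oracle that does not check the submitter's voting power, compose into a borrow limit the attacker controls end to end. The following is an added example, not Fortress Protocol's or CertiK's code: a toy Compound-style market and governor that replays the sequence with the article's figures (400,000 FTS quorum, collateral factor 700,000,000,000,000,000). The attacker's holdings, the $0.045 honest price (derived from 400,000 FTS being worth about $18,000) and the 100x injected price are constructed assumptions; `PriceOracle(require_voting_power=True)` shows the single check that would have stopped the second step.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict

WAD = 10**18  # Compound-style fixed point: 1e18 represents 1.0 (100%)

# Figures stated in the article (constructed model, not the protocol's own constants):
QUORUM_FTS = 400_000                        # votes needed for a proposal to pass
PROPOSED_CF_WAD = 700_000_000_000_000_000   # collateral factor set by Proposal 11


class PriceOracle:
    """Toy price feed. With require_voting_power=False it mirrors the flaw
    described in the article: any address, even one with zero voting power,
    can submit a price. With True it enforces the missing check."""

    def __init__(self, require_voting_power: bool) -> None:
        self.require_voting_power = require_voting_power
        self.voting_power: Dict[str, int] = {}
        self.prices: Dict[str, int] = {}

    def submit(self, submitter: str, token: str, price_wad: int) -> None:
        if self.require_voting_power and self.voting_power.get(submitter, 0) == 0:
            raise PermissionError("submit() rejected: submitter has no voting power")
        self.prices[token] = price_wad


@dataclass
class Proposal:
    action: Callable[[], None]
    for_votes: int = 0
    executed: bool = False


class Governor:
    """Token-weighted governance with an absolute quorum, the property the
    attacker abused: whoever holds more than the quorum passes anything alone."""

    def __init__(self, quorum: int, balances: Dict[str, int]) -> None:
        self.quorum = quorum
        self.balances = balances
        self.proposals: Dict[int, Proposal] = {}

    def propose(self, action: Callable[[], None]) -> int:
        pid = len(self.proposals) + 1
        self.proposals[pid] = Proposal(action)
        return pid

    def vote_for(self, voter: str, pid: int) -> None:
        self.proposals[pid].for_votes += self.balances.get(voter, 0)

    def execute(self, pid: int) -> bool:
        p = self.proposals[pid]
        if p.for_votes < self.quorum or p.executed:
            return False
        p.action()
        p.executed = True
        return True


@dataclass
class LendingMarket:
    oracle: PriceOracle
    collateral_factors_wad: Dict[str, int] = field(default_factory=dict)

    def borrow_capacity_usd_wad(self, user_collateral: Dict[str, int]) -> int:
        """USD (WAD-scaled) a user may borrow: sum(amount * price * collateral factor).
        Amounts are whole tokens; price and collateral factor are WAD-scaled."""
        total = 0
        for token, amount in user_collateral.items():
            price = self.oracle.prices.get(token, 0)
            cf = self.collateral_factors_wad.get(token, 0)
            total += amount * price * cf // WAD
        return total


def simulate_takeover(attacker_fts: int, hardened_oracle: bool) -> dict:
    """Replays the attack sequence from the article against the toy protocol."""
    oracle = PriceOracle(require_voting_power=hardened_oracle)
    oracle.voting_power["feeder"] = 1            # the legitimate price submitter
    honest_price = 45 * WAD // 1000              # $0.045 per FTS (assumed: 400,000 FTS ~ $18,000)
    oracle.submit("feeder", "FTS", honest_price)

    market = LendingMarket(oracle, {"FTS": 0})   # FTS starts with collateral factor 0
    gov = Governor(QUORUM_FTS, {"attacker": attacker_fts, "others": 50_000})

    # Step 1: propose the collateral-factor change and pass it with the attacker's tokens alone.
    def raise_fts_collateral_factor() -> None:
        market.collateral_factors_wad["FTS"] = PROPOSED_CF_WAD

    pid = gov.propose(raise_fts_collateral_factor)
    gov.vote_for("attacker", pid)
    passed = gov.execute(pid)

    # Step 2: push an inflated FTS price through the oracle (100x is a constructed figure).
    price_injected = True
    try:
        oracle.submit("attacker", "FTS", honest_price * 100)
    except PermissionError:
        price_injected = False

    capacity = market.borrow_capacity_usd_wad({"FTS": attacker_fts})
    return {
        "quorum_cost_usd": QUORUM_FTS * honest_price / WAD,
        "proposal_passed": passed,
        "collateral_factor": market.collateral_factors_wad["FTS"] / WAD,
        "price_injected": price_injected,
        "borrow_capacity_usd": capacity / WAD,
    }


if __name__ == "__main__":
    print(simulate_takeover(500_000, hardened_oracle=False))
    print(simulate_takeover(500_000, hardened_oracle=True))
```

With 500,000 FTS the attacker passes the proposal either way; what differs is the borrow limit. Against the vulnerable oracle the injected price lifts it to about $1.575M of borrowing power on $22,500 of collateral, while the hardened oracle keeps it at the honest $15,750 (70% of $22,500). The model also makes the economic point explicit: the quorum costs $18,000 to buy, so any absolute quorum that is worth less than what governance can unlock is a price tag on the protocol, not a safeguard.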
The hacker then used his remaining FTS as collateral to borrow a range of tokens, which he converted into more than 1,000 ETH and 400,000 DAI, worth over $3 million at the time of the attack. He quickly moved the proceeds to Tornado Cash using a self-destruct mechanism built into his malicious smart contract.
The events have left the Fortress Protocol team distraught. They have asked the community not to deposit any assets into Fortress and to help recover the funds with any available partners.
Tornado Cash handled both the ETH used to buy the hacker's initial FTS and the ETH representing the stolen proceeds. The mixer breaks the on-chain link between a depositor's and a withdrawer's address, which let the hacker stay anonymous from start to finish.
Several crypto criminals have used the same technique in recent months. Roughly 15 percent of the funds deposited into the mixer came from the individual or group responsible for the $600 million Ronin hack in March.