DeFi Lending Protocol Fortress Loses All Funds in Oracle Price Manipulation Attack

Altcoins DeFi Ethereum Hack Security Stablecoin
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
Source: AdobeStock / Sergey Nivens

 

Fortress, decentralized finance (DeFi) lending protocol with an algorithmic money market and a synthetic stablecoin, has suffered an oracle price manipulation attack that resulted in the loss of all of its funds.

“Fortress has been hit with what we believe is an oracle manipulation attack draining all funds,” the project said on Twitter. “We are investigating to determine the exact method of attack.”

Blockchain security firm PeckShield also tweeted about the attack, saying that ETH 1,048 (USD 2.58m) and DAI 400,000, cumulatively worth around USD 2.98m, were stolen from the project. Fortress provided the same numbers.

Fortress is an algorithmic money market and synthetic stablecoin protocol designed to bring credit and lending to users on Binance Smart Chain (BSC).

After exploiting the protocol, the attacker bridged all stolen funds to Ethereum (ETH) before depositing them into the popular crypto mixer Tornado Cash, Etherescan transactions show.

Blockchain security firm Blocksec detailed that the Chain oracle used by Fortress lacked power verification, which enabled anyone to hijack it.

“The `submit` function of the Chain oracle can be called by anyone and doesn’t have a power verification,” BlockSec said on Twitter, adding that the attacker called this function and changed the price of the project’s native token FTS directly.

Moreover, the attacker used USD 8,000 and purchased FTS 296,193 to “vote for a proposal that added the FTS token as collateral.” Subsequently, the attacker was able to use FTS 100 as collateral to borrow all other assets in the protocol.

FTS has also been hit hard as a consequence of the attack. At 7:26 UTC on Monday morning, the coin is trading at USD 0.030, down by 31.3% over the past 24 hours. The coin is also down more than 43% in a week and 99.8% from its all-time high of USD 14.12 recorded in mid-May last year, according to CoinGecko.

FTS 24h price chart. Source: coingecko.com

____

Learn more: 
Axie Infinity’s Post-Hack Metrics Beckon Optimism, Not Despair
Deus DAO Exploited Again, Loses Reported USD 13M+ in Flashloan Attack

Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes 
AkuDreams NFT Team Announces Rewritten Code After Flaw in First Code Locked USD 34M

Beanstalk Hacker Drains USD 182M from Project, But Nets Only USD 80M
ApeCoin Smart Contract Exploited, ‘Well-Prepared Claimer’ Walks Away With USD 380K

More Articles

Features
Who is Ross Ulbricht? The Silk Road Founder Pardoned By Trump
Connor Sephton
Connor Sephton
2025-01-22 12:16:39
Opinions
Opinion: $TRUMP is a Big Mistake, and a Threat to Crypto
Connor Sephton
Connor Sephton
2025-01-22 10:45:40
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors