Santa Hackathon? Visor Finance Marks 7th Hack in December

DeFi Hack
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews
Source: AdobeStock / Mikheil

 

Liquidity management decentralized finance (DeFi) protocol Visor Finance is the latest victim of a DeFi hack, with the protocol estimated to have lost USD 8.2m worth of digital assets – and becoming the 7th crypto establishment to get exploited in the last month of the year.

As reported, December has seen an exceptional rise in the number of DeFi hacks and exploits. So far this month, DeFi projects Badger DAO, Bitmart, AscendEX, Vulcan Forged, Grim Finance, and Bent Finance have been exploited for various amounts of cryptocurrencies.

Meanwhile, Visor Finance’s team confirmed the hack in the late hours of December 21, saying that the staking contract had been exploited and that they would reimburse affected users.

“We are aware of an exploit of the vVISR staking contract and are implimenting a migration plan for affected VISR. No positions or hypervisor’s are at risk,” the team said.

In a “post-mortem” medium post, the project detailed that “a malicious contract drained Visor Finance’s staking contract” of over VISR 8.8m tokens, worth well over USD 8m at the time of the hack.

“The attack was made possible by implementing the IVisor delegateTransferERC20 interface and calling the staking contract’s withdraw function with the desired VISR amount,” the team said. “Dependence on arbitrary IVisor delegateTransferERC20 implementation by caller allowed for the attack to take place.”

According to Etherscan transactions, the hacker has already swapped the majority of their VISR tokens for ethereum (ETH) via decentralized exchange Uniswap (UNI). They have also funnelled funds through Tornado Cash, a non-custodial privacy solution built on Ethereum that improves transaction privacy by breaking the on-chain link between source and destination addresses.

However, due to the token’s illiquidity, the hacker has ended up with just around ETH 200 (currently worth USD 812,000), far less than USD 8m. As of 8:23 UTC on Wednesday morning, nearly USD 134,900 is also sitting in the hacker’s wallet, including approximately VISR 1.3m and ETH 15.89.

As part of their future plans, Visor Finance said they aim to launch a new token with a new ticker, as it would be confusing if the ticker stays the same. It said that users will be able to redeem the new token at a ratio of 1:1, adding that they have already begun the process of listing the new token on various registries.

“No one should buy VISR as it will not be redeemable for the new token,” the team said.

Prior to the hack, Uniswap v2 and Uniswap v3 were providing liquidity to the project. “The exact same amount of ETH and tokens will be placed in liquidity positions immediately after the new token and the token migration contract is deployed,” the project said.

Following the attack, as the hacker was swapping VISR, Visor Finance’s native token, the coin tanked. As of now, VISR is down by 96% over the last 24 hours, trading at USD 0.038.

Notably, this is not the first time Visor Finance was exploited. In late June, an attacker gained access to an account that managed some of the project’s administrative functions and withdrew USD 500,000 worth of crypto assets.

____

Learn more:
6th Hack This Month Confirmed: Bent Finance Asks Investors to Withdraw all Funds
YFI Rallies 80% in a Week as Team Promises ‘Aggressive Buybacks’

Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes 
What Did We Learn from the MonoX Hack?

–  2022 Crypto Regulation Trends: Focus on DeFi, Stablecoins, NFTs, and More
Crypto Industry Insiders Share Top Ethereum, DeFi, Gaming, and TradFi Trends for 2022
 

More Articles

Blockchain News
South Korea Authorizes CBDC Pilot Test with Seven Banks
Jimmy Aki
Jimmy Aki
2024-11-06 15:06:56
Blockchain News
Lawmaker: Bolivia Will Move into Crypto Adoption Top 5
Tim Alper
Tim Alper
2024-11-06 15:00:00
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors