Vee Finance Reports an USD 36M Exploit, VEE Takes a Dive
Lending protocol platform Vee Finance was a victim of a USD 36m–heavy exploit a week after its mainnet launch, also seeing its VEE token plummet.
Yesterday, the team confirmed the incident, stating that they are “investigating the cause,” and that all services have been paused.
This was followed by an incident announcement, per which the Avalanche (AVAX)-based decentralized finance (DeFi) protocol had noticed “a number of abnormal transfers” on September 20, and “after further monitoring, a total of 8804.7 ETH and 213.93 BTC were attacked.”
This amount of ethereum (ETH) is currently worth around USD 27m, and bitcoin (BTC) is USD 9m, making the total reported loss of around USD 36m – which is the amount currently held by the involved address.
The stablecoin section is not affected by the attack, they added.
The report states that “the suspected attacker has launched the attack through the above address and has collected the stolen assets in this address.”
Per the report, the attacker has not yet transferred or processed the stolen funds, while the team is working “to further clarify the incident and will continue to try to contact the attacker to recover the assets.”
Dear Mr/Ms 0x**95BA,— vee.finance🔺 (@VeeFinance) September 21, 2021
This is VEE Finance team, we’re willing to launch a bounty program for the bug you identified. Please connect us via email or other contact you prefer.https://t.co/24R5XuSDDS pic.twitter.com/HwSNRi838g
Besides the services being paused, the team moved to suspend the deposit and borrow function.
At 7:48 UTC, VEE was trading at USD 0.10, after it dropped -47% in the past 24 hours.
Unsurprisingly, among the comments there are also those who suspect a rug pull (a theft, wherein the owners of the project abandon it after stealing investors’ money), while some claim that the attacker address given is the same as the creator of the Vee Finance bridge contract.
Just a couple of days ago, Vee Finance announced that the total value locked on the platform surpassed USD 300m, growing USD 100m in the 12 hours prior.
Vee Finance mainnet was officially launched on September 14. The smart contract passed the audit of SlowMist Technology, said the team. The project was funded by more than forty companies, including Huobi Ventures Blockchain Fund and Avalanche Asia Eco Fund AVATAR.
– SushiSwap’s MISO Suffers USD 3M Attack, Contract Thefts May Rise
– Cream Finance Suffers USD 25M Flash Loan Attack
– Tether Frozen in Poly Hack Returned to Owners, Fuelling Centralization Debate