- Rodeo Finance is an Arbitrum-based decentralized finance (DeFi) protocol.
- The hacker manipulated worth oracles and executed trades utilizing the manipulated worth.
- The value of Rodeo Finance’s native token has plunged 54% after the hack.
On July 11, the Arbitrum-powered decentralised finance (DeFi) protocol Rodeo Finance was hacked ensuing within the lack of 810 Ether (ETH) price $1.53 million. The DEX was exploited utilizing a code vulnerability in its Oracle.
Peckshield, a blockchain analytics firm, revealed information displaying that the exploiter finally transferred the stolen funds from Arbitrum to Ethereum and exchanged 285 ETH for $unshETH. The ETH was subsequently positioned on ETH2 staking by the exploiter. Final however not least, the exploiter used Twister Money, a widely known mixer service, to route the stolen ETH.
Time-Weighted Common Value (TWAP) Orcale manipulation
The hacker manipulated the Rodeo’s Time-Weighted Common Value (TWAP) Orcale and tampered with the pricing of the ETH.
The TWAP Oracle is utilized by DeFi protocols to calculate the common worth of belongings for a particular timeframe to mitigate worth fluctuation because of the volatility within the crypto market. Nevertheless, it’s weak to manipulations by way of synthetic skewing of the calculated common costs of belongings.
The exploiter first borrowed a big sum of ETH after which artificially manipulated the worth to purchase the identical asset at a deflated worth. Later the hacker returned the mortgage and made a revenue primarily based on the low worth after the manipulations.
Rodeo’s TVL drops considerably
Moreover inflicting the Rodeo Finance (RDO) token to tumble 54%, the hack has additionally triggered the overall worth locked (TVL) in Rodeo to drastically fall.
Earlier than the hack, the DeFi protocol had $20 million in TVL, however it has since dropped beneath $500 after the hack.
That is the second time that Rodeo Finance is being hacked in July 2023. It was hacked once more on July 5, 2023, and $89,000 price of crypto belongings had been misplaced resulting from a vulnerability in its ‘mintProtocolReserves’ perform.
Share this text
Classes
Tags
https://coinjournal.web/information/rodeo-finance-exploited-for-the-second-time-in-a-week-1-53m-lost/