DeFi project New Free DAO lost over $1.25 million in a flash loan attack, PeckShield reported. The price of the NFD token has dropped by over 99%.
Blockchain security company PeckShield has alerted the crypto community that the New Free DAO project has probably suffered a $1.25 million loss. The company says that the project has likely suffered a flash loan attack, causing the NFD token value to drop by over 99%.
The attacker has made away with $1.25 million worth of BNB and has swapped it for BSC-USD. The token was created on the Binance Smart Chain (BSC) and was a DeFi token that seemingly focused on the NFT niche, and offered a multitude of features.
However, the project does not seem like one that has a particularly strong reputation within the crypto market. There is little information on it, but it appears to have been popular enough to have lost over $1 million dollars.
Flash loan attacks are a popular means of attack in the DeFi space, and several projects have been victims of the attack. They work by essentially manipulating prices after the attacker takes out an uncollateralized loan. They are comparatively easier to execute, hence their popularity.
Flash loan attacks continue
In recent days, more and more projects have suffered from a flash loan attack. Blockchain cybersecurity firm CertiK said that a flash loan attack on the Avalanche blockchain resulted in the theft of $370,000 from a smart contract and liquidity providers. Curve Finance is believed to be among those affected.
Last year, Cream Finance suffered three flash loan exploits, with the third one seeing $130 million stolen. PancakeBunny lost $200 million in a flash loan exploit in what was one of the bigger heists.
As such, projects have made securing their protocols a high priority. However, flash loan attacks look like they will continue to happen, but teams are working on security nonetheless.
Security a top priority
The DeFi market has always been a favored prey for attackers, as there is a large amount of capital flowing into it. New projects and protocols with little security auditing, and being new, are common targets for these attackers.
Over the past 18 months, many major projects have doubled down on their focus on security, as these attacks can have cascading effects. CertiK reported in January 2022 that 44 attacks in 2021 were due to centralization issues. Other causes include missing event emissions, unlocked compiler versions, and a lack of proper input validation.