Explained: The Exactly Protocol Hack (August 2023)

POSTED BY: Rob Behnke

08.23.2023

In August 2023, the Exactly Protocol, a DeFi project based on the Optimism blockchain, was the victim of an attack. The attacker exploited a vulnerability in the protocol’s contracts to steal over $7 million from the project.

Inside the Attack

The Exactly Protocol hack was enabled by weak validation checks. The attacker bypassed the permit check on the protocol’s DebtManager periphery contract by providing it with the address of a fake, malicious market contract.

After getting this malicious contract in place, the attacker executed a malicious deposit function that provided access to the funds that users had deposited into the protocol’s contracts. In total, the attacker was able to steal approximately $7.3 million in ETH from the project.

Lessons Learned from the Attack

The Exactly Protocol hacker identified and exploited a loophole in the protocol’s security checks, which allowed them to deploy a malicious contract that drained the protocol’s funds. Unfortunately, the vulnerability was not discovered before launch despite the project’s numerous smart contract audits.
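
The validation gap described above, reduced to a simplified Solidity model next to a hardened form. This is an added example, not Exactly Protocol’s code: the contract, interface and function names (`PeripheryExample`, `IMarket`, `operateWeak`, `operate`, `isListedMarket`) and the admin-managed allowlist are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model with hypothetical names; not Exactly Protocol's code.
interface IMarket {
    // Assumed: the market verifies `owner`'s signature and approves this caller.
    function permit(address owner, uint256 assets, bytes calldata sig) external;
    // Assumed: moves `assets` out of `owner`'s position to `receiver`.
    function withdraw(uint256 assets, address receiver, address owner) external;
}

contract PeripheryExample {
    address public immutable admin;
    mapping(address => bool) public isListedMarket;

    error NotAdmin();
    error UnknownMarket(address market);

    constructor(address[] memory markets) {
        admin = msg.sender;
        for (uint256 i = 0; i < markets.length; i++) {
            isListedMarket[markets[i]] = true;
        }
    }

    function setMarket(address market, bool listed) external {
        if (msg.sender != admin) revert NotAdmin();
        isListedMarket[market] = listed;
    }

    // Weak: the permit check runs in whatever contract the caller supplies,
    // so it proves nothing about `owner`'s consent.
    function operateWeak(IMarket market, address owner, uint256 assets, bytes calldata sig) external {
        market.permit(owner, assets, sig);
        market.withdraw(assets, owner, owner);
    }

    // Hardened: reject any market address the admin has not registered
    // before making a single external call to it.
    function operate(IMarket market, address owner, uint256 assets, bytes calldata sig) external {
        if (!isListedMarket[address(market)]) revert UnknownMarket(address(market));
        market.permit(owner, assets, sig);
        market.withdraw(assets, owner, owner);
    }
}
```

The allowlist check has to come first: once a caller-chosen contract is invoked, every answer it returns is under the caller’s control.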
