There has been a new cyber attack in the decentralized finance (DeFi) ecosystem. Finally, losses of approximately $5.9 million in Ethereum, Wrapped Bitcoin (WBTC), and stablecoins were reported via the trading protocol Trusted Volumes.
Cause of the attack and technical details
According to the findings of SlowMist and PeckShield companies operating in the field of blockchain security, the attack was caused by a critical flaw in the basic signature verification code of the protocol. Due to this error, the malicious actor was able to bypass the protocol’s required authorization checks and create fake buy-sell orders.
Trusted Volumes is known as a DeFi trading protocol that works with Request for Quote architecture. This structure works differently from classical automatic market maker models; Orders are transmitted directly between the parties and the approval of both parties is obtained with a digital signature. For the security of transactions, it is vital that the cryptographic signature verification mechanism is perfect.
However, the logic error in the fillOrder function significantly weakened the transaction security of the platform.
PeckShield reported that the loss reached 5.9 million dollars in total. According to SlowMist’s analysis, the assets moved include 1,291 ETH ($3.02 million), 16.94 WBTC ($1.37 million), 1.26 million USDC and 206 thousand USDT.
What is the Trusted Volumes protocol?
Trusted Volumes is a DeFi protocol developed for decentralized trading transactions. The platform offers a structure where price quotes are exchanged directly between users. This model takes a decentralized approach to over-the-counter (OTC) transactions, which are typically carried out between people. For the security of the system, signature control must be carried out completely before granting access to users’ assets.
Fate of assets and security recommendations
After the incident, the attacker tried to cover his tracks by quickly transferring the received funds through a decentralized exchange. Transaction records on the blockchain show that stolen stablecoin and WBTC balances were associated with exchange addresses.
This attack on Trusted Volumes underlines that there may be new vulnerabilities in DeFi platforms. According to experts, it is of great importance to periodically test signature verification algorithms, especially at the protocol level.
It is stated that the risks have increased for users who keep their crypto assets on the platform after the attack. Users are recommended to review the technical structure and security reports of the protocols before approving large amounts.
The latest attack in the DeFi ecosystem once again brought to the agenda the need to eliminate the security vulnerabilities of the sector. On the company side, it was reported that comprehensive investigations are continuing for other possible vulnerabilities.
