Polygon’s Decentralized Exchange (DEX) “Quickswap” was recently the victim of an attack in the blockchain. The cybercriminals were able to take over $220,000 through a flash-loan exploit on Quickswap’s platform.
The attack based itself on the “flash loan” mechanism. This type of instant loan allows users to take loans without collateral.
However, this type of service opens up possibilities for exploits from bad players.
Flash loan exploits, which are common in DeFi, occur when a well-capitalized bad actor manipulates the price of an asset by taking out a large number of loans and then fast selling back the borrowed capital to profit.
The attack was later analyzed in detail PeckShield, a blockchain security company.
Since then, the hacker has sent funds back to Ethereum (ETH) before depositing them in Tornado Cash, a service that combines blockchain transactions and makes cryptocurrency investigation more difficult.
According to PeckShield, the attack was first linked to Qi DAO, which emits the stablecoin miMATIC (MAI). The attack was blamed on a cyberattack on QuickSwap, according to a cybersecurity firm.
QuickSwap is a popular way users can swap tokens among themselves. As a DEX, it does not require any registration and has no middlemen.
When compared to regulated exchanges – decentralized exchanges are far less bureaucratic and easy to use for new users. However, that discrepancy often comes at the cost of security.
Fortunately, users did not suffer any losses from the attack. The only platform hit by an exploit was its Market XYZ lending market.
QuickSwap Removing Flash Loans
The Decentralized Exchange stated this Monday that it will close its “Quickswap” Lend – the lending protocol used as an exploit by the hacker.
Following that, DEX confirmed that US$ 220,000 were taken via instantaneous exchange attacks, and the QuickSwap exchange market will be closed.
The DEX promised an update for today (24), but users had to wait over 12 hours for any announcement from the exchange.