{"id":491222,"date":"2022-09-08T12:51:34","date_gmt":"2022-09-08T09:51:34","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/defi-protocol-token-nfd-crashes-by-99-after-a-flash-loan-attack\/"},"modified":"2022-09-08T12:51:34","modified_gmt":"2022-09-08T09:51:34","slug":"defi-protocol-token-nfd-crashes-by-99-after-a-flash-loan-attack","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/defi-protocol-token-nfd-crashes-by-99-after-a-flash-loan-attack\/","title":{"rendered":"# DeFi protocol token NFD crashes by 99% after a flash loan attack"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a25e86348c8d\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a25e86348c8d\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/defi-protocol-token-nfd-crashes-by-99-after-a-flash-loan-attack\/#%E2%80%9D_DeFi_protocol_token_NFD_crashes_by_99_after_a_flash_loan_attack_%E2%80%9C\" >&#8221; DeFi protocol token NFD crashes by 99% after a flash loan attack  &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_DeFi_protocol_token_NFD_crashes_by_99_after_a_flash_loan_attack_%E2%80%9C\"><\/span>&#8221; DeFi protocol token NFD crashes by 99% after a flash loan attack  &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-71846793>New Free DAO, a decentralized finance (DeFi) protocol, faced a <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/watch-movies-tv-seriess\/\" data-internallinksmanager029f6b8e52c=\"8\" title=\"Watch Movies &amp; TV Series\" target=\"_blank\" rel=\"noopener\">series<\/a> of flash loan attacks on Sept. 8, resulting in a reported loss of $1.25 million. The price of the native token has dropped by 99% in the wake of the attack.<\/p>\n<p>Unlike normal loans, several DeFi protocols offer flash loans that allow users to borrow large amounts of assets without upfront collateral deposits. The only condition is that the loan must be returned in a single transaction within a set time period.\u00a0However, this feature is often exploited by malicious adversaries to gather large amounts of assets to launch costly exploitations targeting DeFi protocols.<\/p>\n<p>Blockchain security firm Certik alerted the crypto community on Thursday about the 99% price slippage of the NFD token due to a flash loan attack. The attacker reportedly deployed an unverified contract and called the function \u201caddMember()\u201d to add itself as a member. The attacker later executed three flash loan attacks with the assistance of the unverified contract.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/CertiKSkynetAlert?src=hash&amp;ref_src=twsrc%5Etfw\">#CertiKSkynetAlert<\/a> <\/p>\n<p>New Free Dao &#8211; <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/search?q=%24NFD&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$NFD<\/a> was exploited via flash loan attack gaining the attacker 4481 WBNB (<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>rox. ~$1.25M) causing the token to slip in price 99%.<\/p>\n<p>The attacker has connections to Neorder &#8211; $N3DR attack from 4 months ago where they took 930 BNB at the time. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/5Rcht3YiIK\">pic.twitter.com\/5Rcht3YiIK<\/a><\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CertiKAlert\/status\/1567735913223946243?ref_src=twsrc%5Etfw\">September 8, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nThe attacker first borrowed 250 WBNB worth $69,825 via flash loan and swapped all of them for the native token NFD. The contract was then used to create multiple attack contracts to claim airdrop rewards repeatedly. The attacker then swapped all the airdrop rewards for WBNB benefiting 4481 BNB.<\/p>\n<p>Out of the 4481 BNB, the attacker returned the borrowed loan (250 BNB) and swapped 2,000 BNB for 550,000 BSC-USD. Later, the attacker moved 400 BNB to the popular coin mixer service Tornado Cash. <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-09\/b65c88e5-7ebf-4873-bea2-172d04405dad.jpg\"><figcaption style=\"text-align: center;\"><em>Fund Movement From NFD Attacker Wallet to Tornado Cash Source: BSC Scan<\/em><\/figcaption><\/figure>\n<p>Certik also notified that the hacker behind the flash loan attack on NFD was related to those who <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/mirror.xyz\/0xE97aEb4075bbC66a53aa6430327D3B0AA74C5918\/m8bmffsVC4_o3KsODQL4lyZ5FZetYGNJ2nVpUHPe5hY\">exploited <\/a>Neorder (N3DR) in May earlier this year. Later, another blockchain security firm Beosin told Cointelegraph that the attackers behind both the exploits could be the same.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Solana-based stablecoin NIRV drops 85% following $3.5M exploit<\/em><\/strong><\/p>\n<p>Beosin also highlighted another vulnerability with the NFD protocol that could be further used for another type of flash loan attack. The security firm said that the price could be manipulated since they are calculated \u201cusing the balance of USDT in the pair, so it may lead to flash loan attack if exploited.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">3\/ Although unrelated to this attack, we also find another vulnerability in the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/search?q=%24NFD&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$NFD<\/a> contract that may lead to price manipulation. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/kKvx4hRdE4\">pic.twitter.com\/kKvx4hRdE4<\/a><\/p>\n<p>\u2014 Beosin Alert (@BeosinAlert) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/BeosinAlert\/status\/1567757267004723203?ref_src=twsrc%5Etfw\">September 8, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Flash loan attacks have been increasingly popular among hackers due to the low risk, low cost and high reward factors. On Sept. 7, Avalanche-based lending protocol Nereus Finance became a victim of a crafty flash loan attack resulting in a loss of $371,000 in USDC. Earlier in June, Inverse Finance lost $1.2 million in another flash loan attack.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/defi-protocol-token-nfd-crashes-by-99-after-a-flash-loan-attack\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; DeFi protocol token NFD crashes by 99% after a flash loan attack &#8220; New Free DAO, a decentralized finance (DeFi) protocol, faced a series of flash loan attacks on Sept. 8, resulting in a reported loss of $1.25 million. The price of the native token has dropped by 99% in the wake of the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":491223,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDkvN2VlY2QwMzMtNzFhNy00YzlhLTk5ODQtMWM3ZTIwNGY3YjNkLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[75186,74868,74882,70944,73808],"class_list":["post-491222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-dao","tag-defi","tag-hacks","tag-hackers","tag-loans"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/491222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=491222"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/491222\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/491223"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=491222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=491222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=491222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}