Search Inside Bitcoins

Nereus Finance suffers exploitation on its network

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Solana Phantom hack
Solana Phantom hack

Join Our Telegram channel to stay up to date on breaking news coverage

Nereus Finance, a protocol based on the Avalanche network, has been exploited. The protocol confirmed the development in a Post-Mortem shared on its handle on Thursday. The exploit resulted in the protocol losing about $371,000 worth of USD Coin (USDC). 

Certik, a blockchain security firm, was the first to detect and alert the community about the exploitation of the Nereus network. The firm, in conjunction with automated market marker Curve Finance, and decentralized exchange Trader Joe, detected the impact of the exploitation on the liquidity pools of Nereus.

According to Certik, the subtle attacks also affected other fundamental protocols. In its own Twitter post, Curve Finance insisted that only Nereus was affected by the exploitation.

A few hours after the exploitation, the Nereus team proceeded to the protocol’s community discord to officially notify the community of the attack. Nereus also sought the advice of security experts and unveiled its migration plans. It further alerted law enforcement agencies to support its efforts towards unraveling the exploitation’s circumstances. Nereus noted that it minimized the attack’s implications by liquidating and halting the exploited JLP market.

Post-Mortem reveals how the exploitation manifested

According to the Post-Mortem released by Nerseus Finance, the hack perpetrator used a custom smart contract. The report added that the exploiter compromised the contract to obtain a $51 million flash loan from Aave. The hackers deliberately manipulated the AVAX/USDC Trader Joe LP (JLP) pool price.

Furthermore, the lending platform disclosed to the community that the hacker minted about $998,000 worth of Nereus native utility token, NXUSD, against  $508,000 worth of collateral. The report also revealed that the hacker used multiple liquidity pools to swap funds into different cryptos.

Nereus, in the report, added that the hackers siphoned about $371,000 worth of NXUSD. This leaves the protocol with just $500,000 worth of the token “bad debt.” Now, the protocol has reportedly settled the debt with its treasury.

The protocol says it intends to incorporate TWAP calculations on its network. In addition, Nereus revealed that TWAP calculations would also be incorporated, which “will be implemented alongside other upgrades to pricing feeds for collateral assets that do not have Chainlink Oracles.”



Join Our Telegram channel to stay up to date on breaking news coverage

Read next