On January 12, an attacker targeted Wise Lending, a Web3 lending app and yield aggregator, draining 170 Ether valued at $440,000. Security experts suspect the exploiter manipulated an oracle price using a flash loan to carry out the attack.
The assailant utilized an unverified contract, ending in d82c, to drain funds at 7:29 pm UTC.
Tokens, including $9,000 USD Coin, $2,000 Tether, $5,000 Dai, 18.51 Wrapped Ether (WETH) ($47,694), and various Pendle Finance-associated tokens, were transferred to this contract.
Additionally, the attacker borrowed 1,110 Lido Staked Ether (stETH) tokens ($2.9 million) from the Aave lending protocol. Pseudonymous blockchain security researcher Spreek first reported the attack on X (formerly Twitter), while Officer’s Notes suggested a vulnerability linked to a new Pendle Finance derivative token.
This incident adds to the early 2024 exploits, following Radiant Capital’s $4.5 million loss on January 3 and Gamma Protocol’s $400,000 loss the next day. In 2023, crypto hacks, scams, and exploits accounted for over $1.8 billion in losses, as reported by blockchain security platform Certik.