WOOFi, a decentralized exchange, suffered an $8.5 million Arbitrum exploit due to token price manipulation. The platform quickly contained the threat and is working to recover funds and improve security.
On March 6, 2024, the decentralized exchange WOOFi identified an exploit on its platform on the Arbitrum network. The attacker uses quick loans to manipulate the price of the WOO token, allowing them to repay the loans at a lower cost. The exploit resulted in a loss of approximately $8.5 million.
WOOFi’s rapid response contained the threat within 13 minutes of detection. The platform, in cooperation with close partners, paused the relevant contracts at 16:02 UTC and launched an investigation. All other WOO contracts were marked as safe and the impact was limited, with no risk to user assets in Earn vaults, WOOFi share or other WOO contracts.
The WOOFi team has initiated efforts to recover the lost funds, offering a 10% white hat reward to the exploiter. Additionally, Arkham Intelligence has been given a reward for anyone who can provide additional information about the incident.
WOOFi aims to have its exchange feature fully operational within two weeks, following contract updates and additional audits. Meanwhile, WOOFi Pro, Stake and Earn remain unaffected and fully functional. Depositors can withdraw their funds as usual if they wish.
The platform expressed gratitude to their close friends and partners who quickly supported them during the incident, with a special mention of the SEAL organization alliance, including storming0x, pcaversaccio, gbvpzffd2r, 0xVazi, invlpgtbl, tonyke_bot, FrankResearcher, as well as aiham_eth and chainalysis.
As a precautionary measure, WOOFi urges all users to withdraw token approvals to prevent potential loss of funds while the investigation continues. The platform recommends reviewing approvals instantly and provides a link to revoke approvals on over 70 networks.
This incident marks the first time WOOFi has experienced such an exploit, and the team is determined to prevent similar occurrences in the future. Users are advised to be alert and wary of malicious actors attempting to impersonate WOOFi during this time. No immediate action is required from users other than reviewing token approvals.
Image source: Shutterstock