Crypto lender Exactly Protocol has suffered a hack, reportedly resulting in the loss of as much as $12 million.
The decentralized credit market, which operates on the Optimism network, was targeted by a bridge exploit, CoinDesk reported Friday (Aug. 18), citing information from blockchain security firm De.Fi.
The hacker utilized an exploiter contract on Ethereum to move deposits to Optimism and then bridged the stolen funds back to Ethereum, according to the report. The hack resulted in an estimated loss of 7,160 ether (ETH), equivalent to $12.04 million at current prices.
Exactly Protocol said in a Friday (Aug. 18) tweet: “We’re actively investigating a security issue within our protocol. To ensure user safety, the protocol is temporarily paused (you can still withdraw assets). Our team is on top of this and will share more details ASAP.”
Following the hack, Exactly Protocol’s native governance token, EXA, experienced a decline of over 12%, according to the CoinDesk report.
This incident highlights the vulnerability of cross-chain bridges, which have become a popular target for hackers due to their relatively new technology, the report said. Bridge hacks have been a persistent issue, with Chainalysis reporting that over $2 billion was lost to such attacks last year.
Sixty-four percent of the losses suffered by decentralized finance (DeFi) actors in 2022 came from cross-chain bridge protocols, Chainalysis said in February.
Cross-chain bridge protocols let users move their cryptocurrency assets from one blockchain to another, PYMNTS reported at the time. This is done by locking user assets into a smart contract on the original chain and then mining an equivalent asset value on the second chain — in effect, turning the smart contracts into centralized repositories of funds used to back the assets on the new chain. That makes them ripe for bad actors and hackers to pillage if any weak spots in the code exist and can be exploited.
In one hack, the cross-chain payments bridge of Binance’s BNB Chain blockchain suffered a loss of $570 million in cryptocurrency. The exchange was able to contact the controlling validator who runs the proof-of-stake blockchain and get them to halt it briefly, so the thieves were only able to make off with $100 million.