Hacker Steals $1.53M From Rodeo Finance in Second Attack this Week
• Rodeo Finance, an Arbitrum-based DeFi protocol was hacked resulting in the loss of 810 Ether (ETH) worth $1.53 million.
• The hacker manipulated the Time-Weighted Average Price (TWAP) Orcale and tampered with the pricing of the ETH.
• This is the second time that Rodeo Finance is being hacked in July 2023, causing its Total Value Locked to drastically fall from $20 million to below $500.
Rodeo Finance Exploited for Second Time
Rodeo Finance, an Arbitrum-based decentralized finance (DeFi) protocol was recently exploited for the second time in a week resulting in a loss of 810 Ether (ETH) worth $1.53 million.
The exploit was detected when Peckshield, a blockchain analytics company revealed data showing that the exploiter had transferred stolen funds from Arbitrum to Ethereum and exchanged 285 ETH for another token called ‚$unshETH‘. The hacker then used Tornado Cash – a well known mixer service – to route this stolen ETH.
Time Weighted Average Price Oracle Manipulation
The hacker manipulated Rodeo’s Time Weighted Average Price Oracle and tampered with the pricing of Ether through artificial skewing of calculated average prices of assets. They first borrowed large sums of ETH and then artificially manipulated the price to buy back their own asset at deflated prices before returning their loan and making a profit off it.
Total Value Locked Drops Significantly
As a result of this hack, not only did Rodeo’s native token plummet by 54%, but its Total Value Locked also dropped drastically from $20 million to below $500 after this happened. This is now the second time that Rodeo has been subject to exploitation since July 5th where $89,000 worth of crypto assets were lost due to vulnerabilities with its ‘mintProtocolReserves’ function..
It appears as though hackers have already found multiple ways to exploit DeFi protocols such as Rodeo Finance, leaving users vulnerable despite its many security features and protocols meant to protect them against such malicious activity. Despite these hacks, DeFi protocols are still growing in popularity which means we can expect more attacks like these in future as hackers look for new ways around existing security features.