A flash loan attack launched against New Free DAO (NFD) has drained $1.25 million from the protocol and caused its token price to crash by 99%.
Blockchain security firm Certik raised an alarm about the attack via Twitter on Sept. 8. The attacker manipulated NFD’s “addMember()” function to add himself as a member, which gave him access to use the unverified contract to execute three flash loans.
New Free Dao – $NFD was exploited via flash loan attack gaining the attacker 4481 WBNB (approx. ~$1.25M) causing the token to slip in price 99%.
The attacker has connections to Neorder – $N3DR attack from 4 months ago where they took 930 BNB at the time. pic.twitter.com/5Rcht3YiIK
— CertiK Alert (@CertiKAlert) September 8, 2022
The attacker was able to borrow 4481 WBNB and swapped it for NFD tokens amounting to $1.25 million which forced the token price to crash by 99%.
About $500,000 is said to have been swapped to BUSD and being laundered through sanctioned mixing protocol Tornado Cash.
Attackers take to Avalanche
In less than 24 hours, the crypto community had to battle two flash loan attacks, including that of Avalanche.
On Sept. 7, a flash loan attack on the Avalanche blockchain wiped off $370,000 USDC from protocols building on the network.
CertiK Skynet has reported a #flashloan attack on #AVAX impacting contract 0xe767c… & some LPs. The attacker profited ~$370k USDC.
Possible impacted protocols include:@nereusfinance @traderjoe_xyz @CurveFinance
Contact us for analysis.Stay Frosty!☃️ pic.twitter.com/bZvtgVPpl4
— CertiK Alert (@CertiKAlert) September 7, 2022