Eleven Finance hit by flash loan attack, losses total $4.5 million

On June 23, Eleven.finance, a yield aggregator on Binance Smart Chain (BSC) and Polygon (MATIC), lost $4.5 million to an exploit.

Early reports suggested the much larger Nerve Finance had been hit, but the actual target was Eleven Finance's Nerve (NRV) vaults.

The attackers never rest, but who would launch an attack at a time like this?

The details of the transaction are here: https://bscscan.com/tx/0xeaaa8f4d33b1035a790f0d7c4eb6e38db7d6d3b580e0bbc9ba39a9d6b80dd250

The root cause is a function called emergencyBurn() in the intermediate vault contract that tracks the anySwap / Nerve bridged assets nrvBTC, nrvETH and nrvFUSDT in Eleven's "MasterMind" liquidity mining contract.

The attacker first flash-borrowed the underlying assets (Binance-Peg BTC, ETH and USDT), converted them into nrvBTC, nrvETH and nrvFUSDT respectively, and deposited them into the "MasterMind" contract through the intermediate vault.

Nerve 3Pool and PancakeSwap BUSD-NRV liquidity provider (LP) positions were also affected.

The vulnerable emergencyBurn() function in the intermediate vault contract let a depositor withdraw their deposited balance without the withdrawal being recorded in the vault's internal accounting.

As a result, the attacker could withdraw not only their own deposit, but the same amount a second time through the normal withdrawal path, draining everything the vault had held before the attack.

Finally, the attacker used the Nerve asset bridge to move the proceeds, 2,293 ETH, to address 0xdb2d590aCe7cAe51DF1fB3312738038Ec032Bf33.

Attack steps:

Borrow the underlying assets from PancakeSwap via a flash swap.

Convert the borrowed assets into the corresponding Nerve assets.

Deposit the Nerve assets into the "MasterMind" contract through the intermediate vault.

Call emergencyBurn() on the intermediate vault, which transfers an amount equal to the deposit (chosen to match the vault's balance before the attack) back to the attacker without reducing the recorded deposit.

Then call the normal withdrawal, which pays the still-recorded deposit balance to the attacker a second time, out of the other depositors' funds.
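To make the accounting failure concrete, here is a constructed model of the attack sequence above. It is an added illustration, not Eleven Finance's Solidity or any code from the incident; the class, the `fixed` flag and the names `Vault`, `flash_loan_attack` and `demo` are assumptions made for this example. The point it shows, which the step list alone does not, is that the drain is bounded by min(flash loan, prior vault balance), so borrowing at least the vault's existing balance empties it in one transaction, and that retiring the internal deposit record inside the emergency exit is the fix.

```python
"""Constructed model (not Eleven Finance's code) of an intermediate vault
whose emergencyBurn() pays out the caller's shares but leaves the internal
deposit record untouched, so a normal withdraw() pays the deposit again."""

from typing import Dict, Tuple


class Vault:
    """Toy share vault. Deposits are tracked two ways, as in the bug class:
    'shares' (the vault token the depositor holds) and 'deposited' (the
    internal accounting that withdraw() trusts)."""

    def __init__(self, fixed: bool = False) -> None:
        self.fixed = fixed                  # True = hardened emergency exit
        self.token_balance = 0              # underlying tokens the vault holds
        self.shares: Dict[str, int] = {}    # account -> share balance
        self.deposited: Dict[str, int] = {} # account -> recorded deposit

    def deposit(self, who: str, amount: int) -> None:
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.token_balance += amount
        self.shares[who] = self.shares.get(who, 0) + amount
        self.deposited[who] = self.deposited.get(who, 0) + amount

    def emergency_burn(self, who: str) -> int:
        """Burn the caller's shares and return underlying 1:1.
        Vulnerable version: the deposit record is NOT reduced."""
        amount = self.shares.get(who, 0)
        self.shares[who] = 0
        if self.fixed:
            # Hardened: the emergency exit must retire the deposit record
            # too, otherwise withdraw() still believes the deposit exists.
            self.deposited[who] = 0
        self.token_balance -= amount
        return amount

    def withdraw(self, who: str) -> int:
        """Normal withdrawal: pays what the record says, capped by what the
        vault actually holds. The cap is why the loss equals the vault's
        pre-attack balance rather than the attacker's deposit."""
        amount = min(self.deposited.get(who, 0), self.token_balance)
        self.deposited[who] = self.deposited.get(who, 0) - amount
        self.shares[who] = max(self.shares.get(who, 0) - amount, 0)
        self.token_balance -= amount
        return amount


def flash_loan_attack(vault: Vault, loan: int) -> int:
    """Single-transaction sequence: flash-borrow `loan`, deposit, call the
    emergency exit, withdraw normally, repay. Returns attacker profit."""
    attacker = "attacker"
    wallet = loan                               # flash-borrowed, must be repaid
    vault.deposit(attacker, wallet)
    wallet = 0
    wallet += vault.emergency_burn(attacker)    # deposit back, record untouched
    wallet += vault.withdraw(attacker)          # deposit "again", from others
    wallet -= loan                              # repay the flash loan
    if wallet < 0:
        raise RuntimeError("flash loan not repayable; tx would revert")
    return wallet


def demo(prior_balance: int, loan: int, fixed: bool) -> Tuple[int, int]:
    """Seed the vault with honest deposits (constructed sample), run the
    attack, return (attacker profit, tokens left in the vault)."""
    vault = Vault(fixed=fixed)
    vault.deposit("honest_lps", prior_balance)
    profit = flash_loan_attack(vault, loan)
    return profit, vault.token_balance


if __name__ == "__main__":
    for loan in (500, 1000, 3000):
        print("vulnerable, loan", loan, "->", demo(1000, loan, fixed=False))
    print("hardened,   loan 1000 ->", demo(1000, 1000, fixed=True))
```

With a pre-attack balance of 1000, the vulnerable vault loses min(loan, 1000) on each run, and the hardened one loses nothing: the attacker's withdraw() after the emergency exit returns 0 because the deposit record was cleared along with the shares.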

Loss of funds:

30.75 BTC (nrvBTC), worth approximately $1.05 million.

286 ETH (nrvETH), valued at approximately $561,000.

2.241 million BUSD (NRV 3Pool LP).

647,000 BUSD (NRV – BUSD LP).

In total, about $4.5 million in funds simply disappeared, and the incident is tentatively ranked #27 on the ever-expanding rekt leaderboard.

PeckShield blames this on "stupid logic problems".

Fear and greed are on the rise, and with honest jobs harder to find, will we see more attacks?

