Fortress Protocol Breached, Loses $3 Million

In the latest hours of May 8th, DeFi lending protocol Fortress Network got hit with a manipulation attack that drained most of its funds.

According to the protocol’s release, the stolen assets included 1,048.1 in Ethereum and 400,000 in stablecoin DAI.  

Although the theft surfaced this month, there are strong suggestions the process began much earlier. In fact, 19 days before the announcement went public.

Fortress Network confirmed the attack in a tweet soon after it happened. A cry for help in apprehending the culprit also followed its announcement. The DeFi lending protocol admitted to being “absolutely devastated” by the attack. 

How it Happened

Security outfit CreditKAlert shared in a detailed thread on Twitter how the hacker pulled off the heist.

According to the post, the first thing the attacker did was buy $FTS tokens using Ethereum, purchased with Tornado Cash.

He purchased enough to exceed the quorum of 400,000 needed for votes and collateral. In doing so, he was able to dominate the governance contract and pass a proposal (Proposal ID11). An action geared towards changing the collateral component in credit contracts.

Once that was done, it was easy for the attacker to borrow a great deal of assets from the loan contracts. That done, they transferred the funds to Ethereum using the Celer Network before covering their tracks with Tornado Cash.

The attacker was careful. He ran his operations at the beginning and at the end through the privacy protocol provided by Tornado. The mixing protocol on Tornado cash disrupts any link that may exist between sender and receiver on Ethereum, providing a perfect cover.

FTS, the local coin of the Binance Based protocol, has tanked up to 45% since this event.

Rising DeFi Attacks

According to Peckfield, since this year started, DeFi platforms have lost over $1.6 billion in cryptocurrency due to thefts. This is more than was stolen in the whole of 2021 put together. 

In the last two months, two high-profile attacks occurred. Axie’s Ronin network suffered the biggest damage, losing more than $600 million. In a similar fashion, Inverse Finance lost more than $15 million worth of assets. While also last month, Rari’s Fuse Protocol fell victim to the second biggest hack yet this year. 

Bitcoin live price
price change

In the wake of the Fortress breach, Peckfield and Bloc Sec. security firms have suggested Umbrella Network’s erratic price feed might have also contributed to the hack’s success. The DeFi oracle responded that an investigation was underway and that they had already dispatched a hotfix to deal with the issue.

Stay up to date with our latest articles