- Solend, a Solana-based lending protocol, lost $1.26 million in bad debt as a result of a market manipulation attempt.
- Users can borrow money and get interest on digital assets using Solend’s decentralised lending system.
- The hacker took advantage of a weakness in the project’s price-data oracle, which keeps track of the costs of different crypto assets.
A market manipulation attack cost Solend, a Solana-based lending protocol, $1.26 million in bad debt. Solend disclosed the incident. According to security company PeckShield, the attack happened on Wednesday.
With the aid of lending pools, Solend operates a decentralised lending system that enables users to borrow and earn interest on crypto assets.
The company confirmed the vulnerability and stated that three loan pools holding Hubble stablecoins, Coin98 tokens, and Kamino tokens were the focus of the assault. Solend tweeted, “An oracle attack on USDH was found, affecting the Stable, Coin98, and Kamino isolated pools, resulting in $1.26M in bad debt.
An oracle attack on USDH affecting the Stable, Coin98, and Kamino isolated pools was detected, resulting in $1.26M in bad debt. All other pools including the Main pool are safe.— 🙏🚫 Solend (we're hiring!) (@solendprotocol) November 2, 2022
Affected pools have been disabled and exchanges have been notified of the exploiter's address.
After the event, the three affected pools were frozen. The Solend additionally explained that all other loan pools were unaffected. The Solend team claims that the hacker exploited a flaw in the project’s price-data oracle, which tracks the prices of various crypto assets.
Malicious actors typically target loan protocols where they can artificially raise the value of some crypto assets and borrow money from other assets with the purpose of never paying it back. Bad debt, or debt that is unlikely to be repaid, is the result of this.
Anatoly Yakovenko, CEO of Solana Labs, called the episode a case of market manipulation. In addition to Oracle’s reliance on a single low liquidity pool, Yakovenko added, “It was a market manipulation attack.”