WOOFi Exploited on Arbitrum, Swift Response Contains Threat
On March 6, 2024, decentralized exchange WOOFi identified an exploit on its platform on the Arbitrum network. The attacker utilized flash loans to manipulate the price of the WOO token, allowing them to repay the loans at a cheaper rate. The exploit resulted in a loss of approximately $8.5 million.
WOOFi's swift response contained the threat within 13 minutes of detection. The platform, in collaboration with close partners, paused the respective contracts at 16:02 UTC and began an investigation. All other WOO contracts were marked as safe, and the impact was limited, with no risk to user assets in Earn vaults, WOOFi stake, or other WOO contracts.
The WOOFi team has initiated efforts to retrieve the lost funds, offering a 10% whitehat bounty to the exploiter. Additionally, a bounty has been placed on Arkham Intelligence for anyone who can provide further information about the incident.
WOOFi aims to have its Swap function fully operational within two weeks, following contract updates and additional audits. Meanwhile, WOOFi Pro, Stake, and Earn remain unaffected and fully operational. Depositors can withdraw their funds as usual if desired.
The platform expressed gratitude to the close friends and partners who quickly supported it during the incident, specifically mentioning the SEAL Organization alliance, including storming0x, pcaversaccio, gbvpzffd2r, 0xVazi, invlpgtbl, tonyke_bot, and FrankResearcher, as well as aiham_eth and chainalysis.
As a precautionary measure, WOOFi urges all users to revoke token approvals to prevent potential loss of funds while the investigation continues. The platform recommends reviewing approvals immediately and provides a link to revoke approvals on over 70 networks.
This incident marks the first time WOOFi has experienced such an exploit, and the team is determined to prevent similar occurrences in the future. Users are advised to stay alert and cautious of malicious actors attempting to impersonate WOOFi during this time. No immediate action is required from users, aside from reviewing token approvals.