Despite getting audited by two firms, CertiK, and SmartDec, and Pessimistic, the platform’s saving pool got hit by hackers who siphoned $2M. The attack is referred to as Delphi Savings Pool Exploit.
According to the platform, “At ~14:36 GMT we noticed a discrepancy in the APYs of our stable coin pools and identified that ~2.0mn DAI had been drained out of the yCurve and sUSD pools,” Akropolis stated in the announcement.
According to The Block researcher Steven Zheng and Andrianova, the hackers penetrated the saving pool in trenches of $50k in DAI from the project’s yCurve and sUSD pools.
A Close investigation confirms the hackers exploited the protocol in two ways; a re-entrancy attack, an attack that allows a user to withdraw more funds from a contract than the contract holds and DY/DX flash loan.
The platform is issued in a newsletter that they are making efforts to address the situations. For instance, they confirmed the wallet address holding the funds and are working towards recovering them.