Data from Etherscan shows that that the hackers drained out the pools with more than 2,030,850 Dai (DAI). The attackers then moved these funds to a different address. As of the publication time, the stolen funds are in the second address.
Responding to the hack, the DeFi protocol released a statement stating that the majority of their funds are safe. Although, they would be currently pausing all the stablecoin pools.
Akropolis founder and CEO Ana Andrianova had claimed that the attack was executed similarly to another DeFi protocol Harvest Finance in October where hackers exploited more than $24 million from the platform’s pool to swap it for renBTC.
Akropolis did mention in the statement that the exploit used was a combination of a re-entrancy attack with dYdX flash loan origination.
The auditing of Akropolis smart contracts was conducted by security company CertiK. Reportedly, the company missed the two attack vectors by the hackers. The security firm has also conducted audits on DeFi lending protocols bZx, which was already attacked three times in this year alone.
Several DeFi projects have been attacked recently. Crypto analytics firm CipherTrace has suggested that hacks on DeFi protocols were virtually negligible last year and now they account for more than 20% of crypto losses. According to CipherTrace crime in DeFi protocols has only increased this year. It reduced by $1.8 billion across major cryptocurrency and blockchain projects across the industry.