Decentralized exchange (DEX) QuickSwap is ending its lending pool after sustaining losses in a flash loan attack.
The Polygon () based DEX says $220,000 worth of tokens were stolen following an exploit of DeFi platform Market XYZ.
The platform the incident stems from a flaw in automated market maker (AMM) Curve Oracle, which Market XYZ was using.
“QuickSwap Lend is closing. $220,000 was exploited in a flash loans attack due to a vulnerability with the Curve Oracle, which Market XYZ was using.”
QuickSwap says the hack did not affect any user funds and clarifies that the DEX’s contracts haven’t been compromised.
However, the platform is terminating support for Market XYZ, and urges the platform to compensate for the losses of stablecoin creator Qi Dao, which provided the pool’s seed funds.
“We are encouraging users with funds deposited in Market xyz’s open markets on QuickSwap to withdraw them now, as we are in the process of closing them down.
Blockchain security firm Peckshield the attack was achieved by compromising Curve Oracle’s price feed, and then borrowing funds based on the new inflated price.
“It is a price manipulation issue. The miMATIC market uses CurvePoolOracle for price feed, which is manipulated to borrow funds from the market.”
Peckshield also blockchain security firm ChainSecurity reported the vulnerability earlier this month.
The DeFi space has already seen several large exploits this month, including Olympus decentralized autonomous organization (DAO) and Mango Markets DAO.
