The latest decentralized finance () exploit victim this week is the active liquidity management protocol Visor Finance.
protocol team reported the incident in a in the late hours of Dec, 21. It stated that the staking contract had been exploited and user funds would be replaced.
We are aware of an exploit of the vVISR staking contract and are implementing a migration plan for affected VISR. No positions or hypervisor’s are at risk.
An hour or so later, Visor Finance stated that it will be implementing a token migration based upon a snapshot before the exploit.
Not the first time
In a post mortem a few hours later, the Visor team revealed that a malicious smart contract drained the protocol’s staking contract of 8,812,958 VISR tokens. At the time of the exploit, this was valued at around $8.1 million.
A flaw in the staking contract enabled a user-created contract to manipulate the transfer function and drain the staking pool. It comes a little too late, but Visor Finance said that its current audits are in process and a new contract will be written;
We are engaged with both Quantstamp and ConsenSys Diligence for December and January audits and this new staking contract will be included.
The team stated that it will be launching a new token, replacing the old VISR token ticker symbol with the new one. It added that this has already begun and users will get recompensed 1:1 with the new token which it has already started listing. “No one should buy VISR as it will not be redeemable for the new token,” the blog post stated.
It’s not the first time the protocol has been exploited. In late June an attacker obtained access to an account that managed some of its admin functions resulting in the theft of around $500,000
VISR token collapses
Just as it did when the protocol was exploited earlier this year, the VISR token has collapsed to virtually zero.
Before the hack, around nine hours ago at the time of press, VISR was trading at $0.93 according to CoinGecko. It has currently crashed to $0.02 having lost 97.5% over the past few hours. The beleaguered token is currently down 99.4% from its May 5 all-time high of $4.11.
It is the second major DeFi exploit in as many days as Grim Finance lost $30 million on Monday
