WOOFi DEX Hacked, Losing $8.75 Million

WOOFi Offers 10% Bug Bounty if Hacker Returns Stolen $8.75 Million

WOOFi DEX has recently fallen victim to a cyber attack resulting in a loss of $8.75 million.

At 10:49 PM on March 5 (Vietnam time), WOOFi Swap on the Arbitrum network was exploited through the manipulation of the Synthetic Proactive Market Making (sPMM) algorithm. Using a series of flash loans, the attacker exploited the low liquidity to significantly impact the price of the WOO token.

Specifically, the hacker borrowed approximately 7.7 million WOO tokens along with other assets and sold them on WOOFi. This action caused the WOO token price to plummet to near zero. Taking advantage of this abnormal price, the hacker swapped 10 million WOO tokens, repeating this process in a short period, thus amassing considerable profits.

WOOFi’s transaction monitoring system and other crypto security platforms quickly detected the incident. By around 11:12 PM on the same day, WOOFi announced the suspension of its swap service to prevent further losses and to conduct an investigation. Fortunately, other products such as WOOFi Stake, Earn, and Pro continued to operate normally.

In response to the hack, WOOFi has offered the attacker a bug bounty reward of up to 10% of the stolen amount if they agree to return the stolen assets.

Following the attack, the price of WOO dropped 18%, from $0.59 to $0.49, but it is currently recovering.

1-hour chart of the WOO/USDT pair on Binance at 11:00 AM on March 7, 2024.

Previously, WOO X - a sister trading platform also founded by Kronos Research - experienced a similar incident when one of its market makers was hacked, causing a temporary disruption in its operations.