Sure enough, it’s a makeshift operation. Yesterday, ETH’s hottest token, $LOOP, peaked at $6.5M—today, it was drained, crashing to $1.2M. A guy bought $LOOP in the USDC pool to pump its price, then dumped large amounts of $LOOP in the main pool, triggering liquidations. After the liquidations, $LOOP’s price collapsed, allowing the attacker to buy it back at a low price to repay the loan and pocket the spread. He made $3.4M. While the profit isn’t enormous and there was no exploit or vulnerability—the contract was simply designed this way—anyone could have done it. After reviewing it closely, the LOOP lending protocol is poorly designed. The oracle uses Uniswap V4’s current spot price directly, the liquidation threshold is too low (LTV at only 40%), and there’s no slippage protection. All an attacker needs to do is dump a large amount of $LOOP in the pool to crush the price below the liquidation line, triggering a fire sale of borrowers’ collateral—and turn the protocol into an ATM.
Share
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.