The Popsicle Finance DeFi project was subjected to a hacker attack, as a result of which it lost $20.7 million.
The error was found in the Sorbetto Fragola project product. It allows users to place assets in the most profitable liquidity pools. According to the Popsicle Finance website, the solution was developed specifically for Uniswap v3, which introduced concentrated liquidity.
According to the DeFi protocol, the attacker emptied 85% of Sorbetto Fragola pools.
“The hacker made the contract believe that he received the same amount of commissions as the total amount of funds blocked in the pool and, based on this, is entitled to $20.7 million that were in the pool,” the project said in a statement.
Subsequently, he exchanged the received coins for ETH on Uniswap, and then sent them to the Tornado mixing service.Cash to launder funds, according to Popsicle Finance.
SushiSwap developer Mudit Gupta stated that “the hack was complicated, but the bug is simple.” According to him, as a result of the attack, the hacker withdrew $ 25 million.
For a refund, Popsicle Finance offered the attacker $1 million “in any currency”.
Deposits for all pools are blocked, the only pools available for withdrawal are AXS/ETH, YGG/USDC, LINK/ETH and all EURt pools. Users were urged to withdraw funds from them.
The team promised to tell the users about the compensation plan later.
Recall that in July, the THORChain DeFi protocol team announced the suspension of work after several hacker attacks.