Rodeo Finance, Built on Arbitrum, Falls Victim to Second Exploit: $1.5M Theft Reported

Rodeo Finance, a decentralized finance (DeFi) protocol built on Arbitrum, suffered another security breach resulting in the theft of approximately $1.53 million. This recent exploit targeted a code vulnerability within Rodeo Finance’s Oracle, leading to the loss of over 810 Ether.

Insights provided by blockchain analytics firm PeckShield reveal that the attacker subsequently transferred the stolen funds from Arbitrum to Ethereum. They then exchanged 285 ETH for unshETH and deposited the ETH into Eth2 staking. To further obfuscate the transaction trail, the exploiter utilized the popular mixer service Tornado Cash, commonly employed by attackers seeking to cover their tracks.

The attack leveraged manipulation of time-weighted average price (TWAP) oracles, which DeFi protocols rely on to calculate the average price of an asset over a specific timeframe and thereby smooth out short-term market volatility. Unfortunately, when such an oracle can be influenced, an attacker can distort the calculated average price, gaining an advantage in transactions that depend on it and opening the protocol to exploitation.

The attacker’s strategy involved borrowing a substantial amount of an asset and artificially manipulating the price to purchase the same asset at a deflated value. Afterward, they repaid the loan, securing profits based on the artificially reduced price resulting from their manipulations.
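To make the oracle mechanism described above concrete from the defender's side, here is an added simulation (example code written for this article, not Rodeo Finance's, Arbitrum's, or any oracle library's code). It uses a constructed per-block price series with one single-block spike of the kind a large, temporarily funded swap produces, computes a cumulative-price TWAP in the style of Uniswap v2 over windows of different lengths, and applies a spot-versus-TWAP deviation guard. The block time, the price values and the deviation threshold are assumptions chosen for illustration; the point it demonstrates is that a longer averaging window dilutes a one-block distortion, and that a deviation check rejects the distorted spot price outright.

```python
"""TWAP oracle simulation: how window length and a deviation guard limit
single-block price manipulation. All values are constructed for this example."""

# Constructed per-block spot prices (USD) from a hypothetical pool.
# Index 5 is a one-block spike; the rest hover around 100. Not real Rodeo data.
SAMPLE_PRICES = [100, 101, 99, 100, 100, 400, 100, 101, 100, 99]

# Assumed block time in seconds (illustrative, not a specific chain's value).
BLOCK_SECONDS = 12


def build_cumulative(prices, block_seconds=BLOCK_SECONDS):
    """Cumulative price accumulator: each block adds price * elapsed seconds.
    Returns a list of length len(prices) + 1 with cumulative[0] == 0."""
    cumulative = [0.0]
    for price in prices:
        cumulative.append(cumulative[-1] + price * block_seconds)
    return cumulative


def twap_at(prices, end_index, window_blocks, block_seconds=BLOCK_SECONDS):
    """TWAP over the `window_blocks` observations ending at `end_index` (inclusive),
    derived from two accumulator snapshots the way an on-chain consumer would."""
    if window_blocks < 1 or end_index - window_blocks + 1 < 0 or end_index >= len(prices):
        raise ValueError("window does not fit inside the price history")
    cumulative = build_cumulative(prices, block_seconds)
    start_snapshot = cumulative[end_index - window_blocks + 1]
    end_snapshot = cumulative[end_index + 1]
    return (end_snapshot - start_snapshot) / (window_blocks * block_seconds)


def max_twap(prices, window_blocks, block_seconds=BLOCK_SECONDS):
    """Worst-case (highest) TWAP any consumer could have read for this window length.
    A manipulator profits from the largest deviation, so this is the number to bound."""
    return max(
        twap_at(prices, end, window_blocks, block_seconds)
        for end in range(window_blocks - 1, len(prices))
    )


def spot_within_bounds(spot, reference, max_deviation_bps):
    """Deviation guard: accept `spot` only if it is within `max_deviation_bps`
    basis points of `reference` (typically a TWAP over prior blocks)."""
    return abs(spot - reference) * 10_000 <= max_deviation_bps * reference


def main():
    fair = 100
    print("window(blocks)  worst-case TWAP  deviation from fair")
    for window in (1, 3, 5, 10):
        worst = max_twap(SAMPLE_PRICES, window)
        print(f"{window:>14}  {worst:>15.1f}  {100 * (worst - fair) / fair:>17.1f}%")

    # At the spike block, compare the spot price to the TWAP of the 4 prior blocks.
    spike_index = SAMPLE_PRICES.index(max(SAMPLE_PRICES))
    reference = twap_at(SAMPLE_PRICES, spike_index - 1, 4)
    spot = SAMPLE_PRICES[spike_index]
    accepted = spot_within_bounds(spot, reference, max_deviation_bps=500)
    print(f"spot {spot} vs reference TWAP {reference:.1f}: "
          f"{'accepted' if accepted else 'rejected by 5% deviation guard'}")


if __name__ == "__main__":
    main()
```

Running it shows the worst-case TWAP falling from 400 (one-block window, the spike passes straight through) to 160.2 with a five-block window and 130 with a ten-block window, while the 5% deviation guard rejects the spike-block spot price because it sits 300% above the TWAP of the preceding blocks. A longer window is not free: an attacker who can hold the price away from fair value for many consecutive blocks can still move the average, so window length and a deviation or circuit-breaker check are complementary rather than alternative controls.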

The attacker’s wallet still retains approximately 374 ETH, and Etherscan has flagged the address as linked to the Rodeo exploit. Following the breach, Rodeo Finance’s total value locked (TVL) plummeted from $20 million to below $500.

Moreover, the exploit had a significant impact on the price of the DeFi protocol’s native token, which experienced a decline of over 53% within the past 24 hours.

The exploit on Rodeo Finance marks the fifth largest recorded attack on the Arbitrum Network in 2023, with a total of 21 incidents occurring this year, resulting in a combined loss of over $20 million. Notably, Rodeo Finance had previously suffered an exploit on July 5, amounting to approximately $89,000 due to a vulnerability in their mintProtocolReserves function.

