The year 2020 has undoubtedly been a big one for decentralized finance, better known as DeFi. Various platforms built on DeFi have gained massive popularity, with billions of dollars being locked on them. While these platforms have seen great success, their increased exposure has meant that they are now being targeted for attacks, with several DeFi platforms falling victim this year.
The latest DeFi platform to face this challenge is Compound which suffered a liquidation to the tune of $103 million after the Dai stablecoin was exploited by malicious parties that targeted the platform.
The Attack on Compound
This new attack took place due to what has been deemed either an error or a deliberate attack on the Dai-peg-dollar data that was provided by the Coinbase oracle. As a result of this, the price of the token was placed at $1.30, which represented a premium of 30%.
This flawed increase in token price meant that some users did not have enough collateral to borrow from the platform. When this situation occurs, the automatic action taken by the network is to force liquidate borrowers’ funds. It was reported that the third-largest COMP farmer was liquidated to the tune of $46 million.
This latest incident has brought up a discussion about the protocols put on DeFi platforms. In this case, the protocol acted as it was supposed to. The problem occurred with the false pricing data provided by the Coinbase oracle that led to users being undercollateralized. Some have pointed out that a decentralized platform getting its price data from a centralized source is improper and leaves the door open for more attacks.
Previous Attacks on Compound
This is, unfortunately, not the first time that Compound has been involved in such an incident regarding malicious parties. In February 2020, a group of hackers carried out a flash attack on BZx, another DeFi platform. This was done by carrying out a loan of 10,000 ETH tokens on dYdX, another DeFi platform. The loan was then divided between Compound and BZx. the tokens sent to Compound were used as collateral for another loan of WBTC and the tokens were dumped on Uniswap.
This movement of tokens caused a spike in the token price and the perpetrators took advantage of this to pay back the initial loan and left BZx with an uncollateralized loan while profiting over 1,000 ETH tokens.