Another hit on Avalanche as Vee Finance exploited for $35 million
The team has tried to initiate the communication with the attacker, who has not yet transferred or processed the stolen funds.
Another decentralized finance (DeFi) protocol on Avalanche (AVAX) chain, Vee Finance, has fallen victim to an attack, merely a week after Zabu Finance got hit.
The lending protocol platform has confirmed the exploit on Twitter, which counts as the second major attack in the Avalanche ecosystem.
$35 million gone
“Our platform may have been exploited. All services have been paused. We are investigating the cause, please follow our official accounts for the latest update,” alarmed the exploited protocol while releasing the news on Twitter.
Announcement: Our platform may have been exploited. All services have been paused. We are investigating the cause, please follow our official accounts for latest update.
Thanks!— vee.finance? (@VeeFinance) September 20, 2021
“As this incident occurred in the pending contract, the assets on the Stable Coin sector were not affected by the attack,” read the team’s announcement on Medium, reassuring that Tether (USDT), USD Coin (USDC) and DAI tokens remain safe “for the time being.”
Dear VEE community, please check the below article to see updates about VEE's incident and FAQ. https://t.co/k6A694AgZA
— vee.finance? (@VeeFinance) September 21, 2021
“We’re willing to launch a bounty program for the bug you identified. Please connect us via email or other contact you prefer,” the Vee Finance team reached out to the attacker, showing a willingness to negotiate.
Dear Mr/Ms 0x**95BA,
This is VEE Finance team, we’re willing to launch a bounty program for the bug you identified. Please connect us via email or other contact you prefer.https://t.co/24R5XuSDDS pic.twitter.com/HwSNRi838g— vee.finance? (@VeeFinance) September 21, 2021
By disclosing the attackers’ address, the team has revealed that the platform was exploited for a total of 8803 Wrapped Etherem (WETH), worth roughly $26 million, and 213 Wrapped Bitcoin (WBTC), worth around $9 million.
Investigation report coming ASAP
“According to address monitoring, the attacker has not yet transferred or processed the attacked assets any further,” added the team, while giving confidence it is working with contract auditors and exchanges in order to locate the malicious actor and assist in recovering the assets.
In the meantime, the protocol, which has thus far revealed only scarce information about the incident, promised to submit a full report as soon as possible, rejecting the rumors about a possible inside job.
This is not https://t.co/OAPeeOaX4K contact.https://t.co/OAPeeOaX4K team will publish the investigation report as soon as possible.
⚠️Don’t trust any false information https://t.co/PFE2sMq6f1
— vee.finance? (@VeeFinance) September 21, 2021
Shortly prior to the exploit the DeFi lending platform celebrated surpassing $300 million in total value locked (TVL).
We are excited to announce that the total value is locked on https://t.co/OAPeeNTmdc surpasses $300 million?
? TVL has grown by $100 million in 12 hours
The APR of the VEE-AVAX and VEE-USD.e pools is still over 550%.https://t.co/EiKEFcfz4e
— vee.finance? (@VeeFinance) September 19, 2021
Following the exploit, the value of the protocol’s native token VEE took a beating, tanking almost 38% in the past 24 hours, but has witnessed some recovery since and is currently trading at $0.12.