Eleven Finance Faces FlashLoan Attack on NRV Vaults Stealing Over 4.5 Million

Eleven Finance’s Nerve Finance vaults suffer flash loan attacks, resulting in 100% of deposited funds lost.

By
John Tunney
on
June 25, 2021
Category:
BSC News

Eleven Finance Gets Flash Loan Attacked 

 Eleven Finance has been the latest victim of the flash loan attack. The attack which happened sometime on June 22nd, was then recognized and discovered by Eleven Finance, addressing their community on June June 24th about the recent developments. Eleven Finance currently has a TVL of $72,360,355 and operates on the Binance Smart Chain.

Important details about the attack: 

  • 4.5 million dollars have been stolen from Nerve Finance (NRV) vaults on Eleven Finance resulting in 100% loss of funds from affected vaults 
  • Nerve Finance vaults on Nerve Finance and Wault Finance are reportedly safe
  • The attacker exploited original coding, not an update. (The auditors as well as Eleven Finance missed the mistake!)
  • The attack, as reported by Eleven Finance, were isolated to NRV vaults. These NRV vaults make up around 4% of Eleven Finance’s TVL. 

According to Eleven Finance’s post-attack medium article, the following vaults were affected: 

  • 3nrv
  • anybtc/btc
  • anyeth/eth
  • nrv/busd
  • bfusd (just unutilised funds in NRV vaults, not funds being lent)
  • nrvfusdt

At the moment, it would seem as if a hacker was able to use a flash loan to steal over $4 million dollars from the Eleven Finance platform. The attack exploited a weakness in the NRV vaults on the Eleven Finance protocol. For anyone who has money locked up in those vaults, patience is key. Eleven Finance is doing what they can to recover funds and develop a compensation plan for those affected. 


How The Exploit Happened

According to Eleven FInance’s medium article, the hacker was able to exploit an old function that was on the platform. The error was in the original coding, which was terrifyingly enough, overlooked by the auditors. The audit report prior to the attack can be viewed on Eleven Finance’s audit page.

The error is being attributed to “developer oversight” but many are now questioning the integrity of the auditors. What happened was the Emergency Burn Function was not burning shares as it should have been, which allowed the hacker to execute the attack. 

The Eleven Finance team are taking full responsibility for the mistake, as they have tracked the error to the recent update. It’s unknown how the attack will affect Eleven Finance, however, as flash loan attacks continue to happen, it becomes unnerving to know that auditors missed the error. Hopefully protocols develop stronger security measures, like Alpaca Finance’s Oracle Guard, to combat future flash loan exploits.


What is Eleven Finance?

Eleven Finance is a yield optimizer platform. The protocol is run on the Binance Smart Chain (BSC), and has grown quickly in popularity within the crypto/BSC community. The purpose of the vault is to bring high APYs to the Binance Smart Chain community. Eventually, the platform looks to host a broad ecosystem of yield optimizing vaults.

Tags:
No items found.
John Tunney

John Tunney is an accomplished analyst and crypto enthusiast. The UCLA alum has been actively reporting and blogging for 3 years, and has a passion for all things finance.

Text Link

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.