$371,000 Worth of USDC Stolen as a Result of Avalanche Flash Loan Exploit

The officials at Nereus Finance have recently notified the community about a crafty hack. The officials have revealed that their protocol became a victim of a hack.

$371k Lost Following a Hack

According to Nereus Finance, the lending protocol based on Avalanche, the hacker was able to exploit $371,000 following the hack.

As detailed by Nereus Finance, the hacker used the smart contract exploit and he was able to steal funds in the form of USD Coin (USDC). The funds that the hacker exploited accounted for $371k.

CertiK Detected the Exploit

As the exploit took place, CertiK, a major blockchain cybersecurity firm was the first to highlight it. The teams at CertiK were first to detect the exploit and they triggered alerts so it could be stopped from taking place.

The exploit reportedly took place on Tuesday and the hacker was able to steal the funds from Nereus Finance. The hack carried out by the hacker had a huge impact on protocols linked with Nereus Finance.

Other networks connected with Nereus Finance that were impacted by the hack were Curve Finance and Trader Joe’s. Curve Finance is an automated market maker (AMM) while Trader Joe’s is a decentralized exchange (DEX).

The exploit reportedly impacted the liquidity pools belonging to Nereus Finance linked with Curve Finance and Trader Joe’s.

Curve Finance Denied CertiK’s Claim

Although CertiK claimed that the underlying protocols were impacted, Curve Finance had a different statement to make. According to the officials at Curve Finance, they were not impacted by the exploit at all.

They reportedly claimed and corrected CertiK through their Twitter profile that it was Nereus Finance whose assets were impacted. They confirmed that only the assets of Nereus Finance were impacted and not the protocol itself.

Post-Mortem Report by Nereus Finance

It was on Tuesday when Nereus Finance released a post-mortem report surrounding the incident that took place.

The report revealed that a hacker pretending to be a user on the protocol was able to deploy a smart contract that was custom in nature. With the help of the contract, the hacker was able to utilize a flash loan that was worth $51 million.

The exploiter was able to do it through the Aave protocol and he was able to manipulate the pool price of the AVAX/USDC Trader JLP. The hacker was able to carry out the manipulation for a single block.

How the Hacker was able to Get Away with $371k

As the hacker was able to carry out the hack without facing any difficulties, he was able to mint 998,000 NXUSD, a native token on Nereus Finance.

The minted NXUSD accounted for a collateral amount worth $508,000. Then the hacker was able to exchange the tokens through a number of liquidity pool platforms.

Finally, the hacker was able to accumulate an amount worth $371,406 and ran away with it.