Polygon-Based Decentralized Exchange Quickswap Loses $220K in Flash Loan Exploit

On Monday, the Polygon-based decentralized exchange (dex) Quickswap lost $220K in a flash loan exploit and following the attack, the team detailed the Quickswap Lend platform will be terminated.

2022 has been quite the year for decentralized finance (defi) hacks as billions have been stolen due to mistakes, flash loans, faulty smart contracts, and unchecked lines of code. On October 24, Quickswap explained that the Market XYZ lending market was compromised for $220,000.

“Quickswap Lend is closing,” the team’s Twitter account noted on Monday. “$220K was exploited in a flash loans attack due to a vulnerability with the Curve Oracle, which [Market XYZ] was using. Only the Market XYZ lending market was compromised. Quickswap’s contracts are unaffected.”

Quickswap also added that Qi Dao provided the seed funds for the Market XYZ lending market and stressed that “no user funds were compromised.” The dex is encouraging users with funds deposited on Market XYZ’s open markets to withdraw them immediately as Quickswap Lend will be sunsetted.

The recent Quickswap attack follows the Mango Markets hack and the recent Olympus DAO exploit. Olympus, like a number of recent defi projects, got the funds back after the exploit took place after bargaining with the hacker. Last week, Bitcoin.com News reported on the Chainalysis study that shows crypto hackers have made off with over $3 billion this year from 125 exploits.

In regard to the Quickswap exploit, the blockchain audit and security firm Peckshield explained that the vulnerability was discovered on October 11, 2022. “It is a price manipulation issue,” Peckshield tweeted. “The Mimatic market uses Curvepooloracle for price feed, which is manipulated to borrow funds from the market,” the blockchain security analysts from Peckshield added.

Qi Dao, the provider of the Market XYZ lending market’s seed funds, are the creators of the Mimatic (MAI) stablecoin. Blockchain security and Web3 auditor, Chainsecurity, disclosed the exploit in the blog post shared by Peckshield after the hack. Mimatic (MAI) did slide to a low of $0.9895 on October 23, according to coingecko.com statistics, but the MAI stablecoin is currently exchanging hands for $0.993 per unit at the time of writing.

What do you think about the recent Quickswap exploit? Let us know what you think about this subject in the comments section below.