Advertisement
Advertisement

Visor Finance Suffers another DeFi Hack as Losses Mount Up to $8.2M

By:
Tanvir Zafar
Updated: Dec 22, 2021, 11:57 UTC

Visor DeFi faces an exploit for the second time this year just days after Grim Finance lost 20M to hackers.

BadgerDAO is Latest DeFi Project to Lose Millions to Hackers

Visor Finance is the latest DeFi protocol to suffer a multi-million dollar hack. As a result of the hack, Visor Finance lost 8.8 million VISR tokens due to a reentrancy flaw exploited by the hacker.

At the time of the hack, VISR tokens traded at around $0.93.

The Visor DeFi Smart Contract Exploit

On December 21st, 2021, 02:29:11 PM UTC, a malevolent contract stole 8,812,958 VISR tokens from Visor Finance’s staking contract.

Hackers used the IVisor delegateTransferERC20 interface to generate the exploit. The hackers also used the withdrawal function of the staking contract to call for the desired VISR amount. As a result, reliance on an external IVisor delegateTransferERC20 implementation by the caller allowed the exploit to succeed.

Bugs in the Visor decentralized system opened a door for an attacker to get away with crypto tokens. A full post-mortem investigation has not yet been conducted, but it is believed that the hacker exploited the vulnerability to assume control of the rewards contract. As a result, they could create extra VISR tokens.

Reentrancy bugs can be deadly in DEXs since they allow an attacker to create an infinite number of tokens. The Visor team announced the breach shortly after it occurred, stating that it had discovered a bug in its VISR staking agreement.

The team also stated that no positions or hypervisors were at risk. The assault primarily affects stakers and token holders since it has dropped dramatically since the attack. One VISR is valued at just $0.04 right now, having lost 95% of its value.

Users Compensation

The Visor team has stated that it will establish a migration date based on a before-the-hack snapshot to make up for it. The strategy of token migrations is a common way to counter DeFi hacks. They function by allowing token holders to exchange an equivalent quantity of new tokens for their existing holdings.

Users will redeem based on the total amount of VISR they had before the hack occurred. Although Visor has gained popularity since its debut, its financial journey hasn’t been without hiccups. It’s been breached several times this year. However, it characterized the most recent incident in November as a “Uniswap V3 arbitrage.”

Surprisingly, the protocol has been audited by CertiK, a security company that has previously missed other DeFi flaws; however, after the attack got an ongoing audit from Quantstamp.

According to Etherscan data, the attacker has already exchanged most of their VISR tokens for ETH via Uniswap. In addition, they’ve started funneling cash through Tornado.cash, a bundler for preserving Ethereum transaction history.

However, because of the liquidity issue, their investment will ultimately result in significantly less than $8.2 million worth of notional value.

About the Author

Tanvir Zafarcontributor

Tanveer Zafar is a independent crypto journalist. He is passionate in covering topics about Blockchain, Cryptocurrency and Markets. He has five years of writing experience in these areas of interest. You can find his pieces featured on FXStreet, Benzinga, Investing and many more finance magazines. Tanveer has done his BS in Software Engineering at GC University. Previously, he has worked as a banker.

Did you find this article useful?

Advertisement