Visor Finance was drained of $8.2 million today after a hacker exploited a reentrancy bug.
The DeFi protocol Visor Finance has been hacked, resulting in over $8 million worth of losses.
A hacker is thought to have exploited a reentrancy bug that allowed them to withdraw funds from a pool.
The team has announced a token migration after VISR crashed 95%.
The Visor Finance team says it will be launching a token migration to compensate affected users.
Hacker Targets Visor Finance
Visor Finance is the latest DeFi protocol to suffer a multi-million dollar hack.
The Ethereum-based DeFi project, which aims to enable programmable liquidity, was drained of 8.8 million VISR tokens today after a hacker exploited a reentrancy bug. At the time, VISR was trading at roughly $0.93, bringing the total losses to around $8.2 million.
Reentrancy bugs can prove fatal in DeFi as they create a way for an attacker to mint an unlimited amount of tokens. Though a full post-mortem report has not yet surfaced, it’s thought that the hacker used the bug to change the owner of the rewards contract so that they could mint extra vVISR rewards tokens.
The Visor team shared details of the hack this afternoon, noting that it had discovered an exploit affecting its vVISR staking contract. The team added that no positions or hypervisors were at risk. The incident mainly affects VISR stakers and token holders because the token's price has plummeted since the attack. One VISR is worth only $0.04 at press time after shedding over 95% of its value.
To compensate users, the Visor team has announced that it will be arranging a migration date based on a snapshot taken before the hack. Token migrations are a popular strategy for overcoming DeFi hacks. They work by allowing token holders to redeem an equivalent amount of new tokens based on their original holdings. In this case, they’ll be able to redeem based on the amount of VISR they held.
Visor presents itself as an asset management protocol for the DeFi ecosystem. It’s built on Uniswap V3 and aims to create a way for projects and liquidity providers to optimize their returns. Users can deposit assets to a vault in return for an NFT, and their assets are managed by other smart contracts called Hypervisors and Supervisors. Visor raised $3.5 million in July from several big industry players, including 1confirmation, Digital Currency Group, DeFi Alliance, and Spartan.
While Visor has gained traction since its launch, its path hasn’t been particularly smooth. It’s been hacked multiple times throughout this year, though it dismissed its most recent incident in November as the result of “Uniswap V3 arbitrage.” Interestingly, the protocol has been audited by CertiK, a security firm that’s reportedly missed other DeFi vulnerabilities in the past. It also has an ongoing audit with Quantstamp.
Etherscan data shows that the attacker has already traded the majority of their VISR tokens for ETH via Uniswap. They’ve also begun funnelling funds through Tornado.Cash, a bundler for preserving Ethereum transaction history. However, they’ll end up with far less than the $8.2 million notional value because the token’s illiquidity caused the price to decrease significantly. They’ve deposited 243 ETH worth $978,561 at press time, with about 3.6 million VISR and 0.475 ETH worth a combined total of $135,000 sitting in their wallet. Their identity is currently unknown.
This story is developing and will be updated as further details emerge. Visor Finance did not immediately respond to Crypto Briefing’s request for comment.
Disclosure: At the time of writing, the author of this feature owned ETH and several other cryptocurrencies. They also had exposure to UNI in a cryptocurrency index.