Visor – a Uniswap-based protocol specializing in NFT smart vaults – was recently exploited by hackers to withdraw 8.8 million vVISR tokens. The Visor team appears to be addressing the issue, but the token’s price has collapsed in the aftermath.
Hacked For Millions
Visor Finance called attention to the exploit over Twitter earlier today. Apparently, the hack targeted the vVISR staking contract. Flaws in the contract include a re-entry hack to double mint vVISR tokens, alongside another allowing the tokens to be freely and limitlessly minted.
The protocol stated that no positions or hypervisors are at risk from the exploit, and that affected VISR stakers would be restored. Shortly afterward, the team announced that it would implement a “token migration” based on the state of the protocol pre-exploit. “Trades subsequent to the vVISR exploit will not affect your redeemable amount,” they said.
The exploit has dealt terrible damage to vVISR’s price. According to Coinmarketcap data, the token was hovering at $0.92 as of 9:30am EST this morning, before quickly collapsing to $0.03 before noon. Trading volume tripled within that timeframe after the hacker sold all of his tokens through Uniswap.
He also used Tornado Cash – a non-custodial privacy protocol built on Ethereum – to conceal his identity. Tornado was used by the SquidGame Token scammers in October to escape with their stolen funds without a trace.
This isn’t the first time Visor has experienced a major hack. Back in June, $500 million was stolen from the network – about 16% of its TVL at the time.
Defi Hack Season
Defi hacks and scams have been rampant in crypto over the past year. On Monday, Bent finance informed its users of a possible network “exploit,” and is now suspected of committing a deliberate rug pull. The staking platform has disabled reward claims, and data analytics company Peckshield said that the hacked transaction was conducted by Bent Finance’s deployer.
The biggest Defi hack yet took place this August, when $600 million worth of various cryptos were stolen across multiple networks including Ethereum, Polygon, and Binance Smart Chain. This rivaled some of crypto’s greatest hacks in history in dollar-denominated terms.