How to Unlend Funds on Fulcrum (iETH to ETH, iDAI to DAI & iUSDC to USDC)
If you've been paying attention to recent DeFi news, you've probably noticed that Fulcrum, the lending and margin exchange platform created by bZx, has been the victim of two separate and effective attacks within just the past few days. These two attacks have accrued a loss for the protocol that is estimated to be around $954,000. The newly-added feature, "Flash Loans", seems to be what the hacker used to perpetrate the attacks.
The hacker manipulated the price of a specific low-liquidity exchange that the Fulcrum platform uses to procure data for its price oracle. To do so, the hacker requested a flash loan on the system of 10,000 ETH, which he proceeded to split in two. The hacker then purposefully went short on his WBTC and sold the remains on the Uniswap platform. Since the protocol utilized the price set by Uniswap, the short managed to net the hacker a hefty sum of profits, profits which Fulcrum's lenders are on the hook for.
For the second attack, the hacker did something very similar involving the price of sUSD, a cryptocurrency utilized by Synthetix, on Kyber.Network. This allowed the hacker to withdrawal 2378 ETH above the usually allowed amount for normal collateral requirements. The two attacks have had devastating effects on Fulcrum, which has taken its entire trading protocol down as they attempt to fix the loopholes that the hacker was able to take advantage of to perpetrate these attacks.
This is a giant step back for the small company and may cause it to shut down its doors for good. They were a burgeoning operation that may lack the established funds to continue to operate or even pay back the lenders.
As a result of this exploit, users of the platform quickly rushed to empty their accounts. This has caused the utility rate to hit 100% and prohibit anyone who didn't take out their funds to do so because of lack of liquidity.
Hopefully, Fulcrum manages to pull through. In the meantime, the rest of the decentralized finance world should learn a lesson from these attacks so that similar attacks don't occur in the future.
At the present time trading is still halted. The team originally announced that they estimate and plan to allow traders with open positions to exit. However, it appears that more time is needed to be able to complete the task and traders are now waiting for months.
Recently, Nexus Mutual – a decentralized insurance protocol has agreed to pay out the first claim to several users who took out insurance on their bZx / Fulcrum positions. The first claim was in the amount of 4 ETH and the second one for 30,000 DAI.
Learn how to unlend your funds from Fulcrum
If you have funds stuck on the platform, it's still possible to unlend them using the smart contract as mentioned in the following guide:
Click here for Guide