Midas Capital, a decentralized finance (DeFi) application that allows users to lend and receive cryptocurrencies, was hacked and lost nearly $600,000 worth of tokens. The attack was reported today by PeckShield, a blockchain security firm.
According to PeckShield, the hacker exploited a rounding issue in Midas Capital's lending protocol, a fork of Compound, another popular DeFi app. The hacker managed to borrow more tokens than they deposited as collateral and then sold them for a profit.
Today, Midas Capital suffered an exploit on one of our pools.
While the incident is isolated to a single pool we have pre-emptively paused all pools while we dig deeper into the root cause and contact authorities.
More information will be given later.
— Midas Capital (@MidasCapitalxyz) June 17, 2023
PeckShield said that this attack is similar to attacks that were forked from Compound and targeted two other DeFi applications with the same vulnerability, Hundred Finance and Silo Finance.
Midas Capital confirmed the incident on its official Twitter account and said it is pausing all of its pools while investigating the root cause and contacting authorities. The team also assured its users that it will provide more information later and will work on a compensation plan for affected users.
*Not investment advice.