Following an oracle manipulation attack, the Fortress Protocol, an algorithmic money market and DeFi lending protocol, was drained of all funds. The stolen cryptocurrency has subsequently been transferred from Binance Smart Chain to Ethereum and mixed using the Tornado Cash privacy protocol.
CertiK, a blockchain security company, reported the attack on Monday. The hacker began by purchasing a significant number of FTS, the governance token that manages the FTS system, using ETH.
The quorum for a vote on the Fortress Loans governance contract is 400,000 FTS. That was only worth $18,000 at the time of the hack and represented fewer tokens than the attacker possessed. In other words, the attacker now had the power to approve any protocol change proposal he liked.
As a result, he approved Proposal ID 11, which increased the collateral component for FTS tokens in loan contracts from 0 to 700,000,000,000,000,000. He also updated the loan contract’s price oracle so that the token’s price would change even if voting power was 0.
The attacker stole a large number of tokens and converted them into over 1000 ETH and over 400,000 DAI, worth over $3 million at the time of the breach. He then used a self-destruct mechanism built into his malicious smart contract to quickly transfer the stolen funds to Tornado Cash.
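As an added example (not code from Fortress or CertiK), the Python sketch below screens a governance proposal for the conditions described above: a quorum that is cheap to buy relative to the funds it controls, a single voter meeting quorum alone, and a collateral value raised from 0 on the governance token itself. The `Proposal` fields, the attacker's vote count, the use of the $3 million drained as the value at risk, and the 18-decimal scaling of the collateral value are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

MANTISSA = Decimal(10) ** 18  # assumption: collateral value is 18-decimal fixed point


@dataclass
class Proposal:  # hypothetical record a monitoring job would build per proposal
    proposal_id: int
    token: str
    old_collateral: int       # raw value before the proposal
    new_collateral: int       # raw value the proposal sets
    largest_voter_votes: int  # votes cast by the single biggest supporter


def screen(p, quorum, token_price_usd, value_at_risk_usd, governance_token="FTS"):
    """Return findings that should hold a proposal for manual review."""
    findings = []
    quorum_cost = Decimal(quorum) * token_price_usd
    if quorum_cost < value_at_risk_usd:
        findings.append(f"quorum can be bought for ${quorum_cost:,.0f}, "
                        f"below ${value_at_risk_usd:,.0f} at risk")
    if p.largest_voter_votes >= quorum:
        findings.append("a single voter meets quorum alone")
    if p.old_collateral == 0 and p.new_collateral > 0:
        pct = Decimal(p.new_collateral) / MANTISSA * 100
        findings.append(f"{p.token} collateral value enabled from 0 to {pct:.0f}%")
    if p.token == governance_token and p.new_collateral > p.old_collateral:
        findings.append("collateral raised on the token that controls voting")
    return findings


# Constructed inputs: quorum, price and proposal values follow the article;
# the vote count and the benign proposal are made up for illustration.
QUORUM = 400_000
FTS_PRICE = Decimal("18000") / QUORUM  # $18,000 for 400,000 FTS
AT_RISK = Decimal("3000000")           # funds later drained
ATTACK_LIKE = Proposal(11, "FTS", 0, 700_000_000_000_000_000, 450_000)
BENIGN = Proposal(12, "XYZ", 600_000_000_000_000_000, 650_000_000_000_000_000, 50_000)

if __name__ == "__main__":
    for finding in screen(ATTACK_LIKE, QUORUM, FTS_PRICE, AT_RISK):
        print("REVIEW:", finding)
```

A proposal that trips any of these checks is a candidate for a timelock hold or guardian review before execution.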