Miguel Lopez A so-called “force-investment” cyber attack hit Rodeo Finance, an Arbitrum-based leveraged yield protocol, on July 10. The hack led to an initial loss of nearly $1.7 million. Rodeo Finance has since recovered about $810,000 and is looking to immobilize the rest of the stolen funds.
Protocol Currently in ‘Standby Mode’
As a leveraged yield farming entity, Rodeo Finance recently joined the growing list of decentralized finance (DeFi) protocols victimized by force-investment hacks. The incident happened on July 10, leading to the theft of around $1.7 million. As a result, the DeFi protocol is now in a standby mode, awaiting the finalization and implementation of a recovery plan in consultation with multiple security experts.
In a statement released on July 11, Rodeo Finance confirmed the cyber attack and reported the recovery of $810,000. According to the protocol, this leaves an outstanding stolen amount of $830,000. The same statement also shed light on the modus operandi of the cybercriminals.
The protocol explained via a tweet, “The hackers managed to execute the attack because one of our oracles, designed as a time-weighted average price (TWAP) for Camelot’s Uniswap v2 pools, was manipulated just around its price update, thereby inflating its price. This manipulation enabled the hacker to borrow from the lending pool and convert it all to the specific token, leading to significant slippage. Despite this, the operation was still completed due to the artificially high oracle pricing.”
According to Rodeo Finance, the attacker managed to convert their illicit gains back to the regular price by “arbitraging” the decentralized exchange’s pool. The protocol managed to recover $810,000 from the yield farm utilized in the attack.
As for the remaining stolen assets, Rodeo Finance plans to trace and freeze them. The next step is to collaborate with security auditors “to finalize the plan of recovery.”
Share your thoughts on this incident. Please leave your comments below.
Table Of Contents
Frequently Asked Questions (FAQs) about Rodeo Finance Hack
What is Rodeo Finance?
Rodeo Finance is a leveraged yield protocol on the Arbitrum network, offering decentralized finance (DeFi) services.
What happened to Rodeo Finance?
Rodeo Finance experienced a “force-investment” hack, resulting in the theft of approximately $1.7 million.
Has any of the stolen funds been recovered?
Yes, Rodeo Finance has managed to recover $810,000 so far, leaving an outstanding amount of $830,000.
How did the hack occur?
The hack was executed by manipulating one of Rodeo Finance’s oracles designed for Camelot’s Uniswap v2 pools. This allowed the attacker to borrow from the lending pool and inflate the token’s price, facilitating the theft.
Is Rodeo Finance operational after the hack?
No, Rodeo Finance has been placed in a paused state until a remediation plan is finalized and implemented in consultation with security experts.
What is Rodeo Finance doing to recover the remaining stolen funds?
Rodeo Finance is actively working to track and freeze the assets associated with the hack. They are also collaborating with security auditors to develop a plan for the recovery process.
More about Rodeo Finance Hack
- Rodeo Finance Official Website
- Arbitrum Network
- Decentralized Finance (DeFi) Explained
- Understanding Force-Investment Hacks
- Camelot’s Uniswap v2 Pools
- Security Auditing in DeFi
