This DeFi platform just hacked itself – to protect users' funds
The developers of Primitive, an Ethereum-based decentralised finance (DeFi) options protocol, have "white-hacked" their own platform after a severe security vulnerability was discovered today.
"EMERGENCY ALERT @PrimitiveFi has white-hacked our contracts to protect users' funds after a critical security vulnerability was discovered. Further user action is required to protect funds," Primitive tweeted today.
According to the blog post, a critical vulnerability was discovered in some of Primitive's smart contracts that allowed "infinite approvals". This put all users who had given the vulnerable contract permission to spend their tokens at risk of losing their funds.
With no way to update or pause these contracts, developers resorted to hacking their own platform.
"Although we have recused (sic) 98% of the funds, there is still a RISK for TOKEN IN WALLETS who approved the vulnerable contract, [the reset link] will secure the funds by bringing each of your token approvals to 0," the developers said.
However, users who have allowed the flawed smart contracts to spend their assets could still lose the tokens held in their wallets, the developers stressed. To protect them, affected users will have to reset the permissions on their tokens via a special page.
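The reset described above amounts to calling the standard ERC-20 `approve(spender, 0)` on each token for the flagged spender. The following is an added example, not Primitive's code or its reset page: it audits a set of allowances and builds the calldata for each reset. All addresses and allowance values are constructed placeholders, reading the allowances from the chain is left out, and treating an "infinite" approval as the maximum uint256 value is the common convention assumed here.

```python
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1        # conventional "infinite" allowance (assumption)

def _word_address(addr):
    """ABI-encode a 20-byte address as a left-padded 32-byte hex word."""
    raw = addr.lower()
    if raw.startswith("0x"):
        raw = raw[2:]
    if len(raw) != 40 or any(c not in "0123456789abcdef" for c in raw):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return raw.rjust(64, "0")

def revoke_calldata(spender):
    """Calldata for approve(spender, 0); the transaction goes to the token contract."""
    return "0x" + APPROVE_SELECTOR + _word_address(spender) + "0" * 64

def audit(allowances, flagged_spender):
    """Return a reset action for every nonzero allowance held by flagged_spender.
    `allowances` maps (token, spender) -> raw uint256 allowance for one wallet."""
    flagged = flagged_spender.lower()
    actions = []
    for (token, spender), amount in sorted(allowances.items()):
        if spender.lower() != flagged or amount == 0:
            continue  # other spender, or allowance already at 0
        actions.append({
            "token": token,
            "unlimited": amount == MAX_UINT256,
            "to": token,                      # approve() is called on the token
            "data": revoke_calldata(spender),
        })
    return actions

# Constructed sample data: placeholder addresses, not real contracts.
VULNERABLE = "0x" + "aa" * 20
OTHER = "0x" + "bb" * 20
TOKEN_A, TOKEN_B, TOKEN_C = ("0x" + f"{i:02x}" * 20 for i in (1, 2, 3))
SAMPLE = {
    (TOKEN_A, VULNERABLE): MAX_UINT256,   # "infinite" approval
    (TOKEN_B, VULNERABLE): 0,             # already reset
    (TOKEN_C, VULNERABLE): 5 * 10**18,    # finite, but still spendable
    (TOKEN_A, OTHER): MAX_UINT256,        # different spender, out of scope
}

if __name__ == "__main__":
    for act in audit(SAMPLE, VULNERABLE):
        kind = "unlimited" if act["unlimited"] else "finite"
        print(act["token"], kind, act["data"])
```

A finite allowance is flagged as well as an unlimited one, because any nonzero allowance lets the approved contract move tokens that are still in the wallet.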
At the time of publication, no actual losses of funds to malicious actors using the exploit have been reported.
However, ETH costs are skyrocketing
Primitive allows users to earn returns by posting their DAI, Ethereum and other DeFi tokens as collateral for options markets. The returns themselves come from trading fees on the DeFi market maker platform SushiSwap.
"The protocol is used to create smart contracts with an immutable set of parameters that define the rules of the option. Any two ERC-20 tokens can be selected as the underlying (the asset to be purchased) or the quote (the token used to pay the strike price)," Primitive's developers said.
The booming DeFi sector has already seen several exploits and hacks in the last few months. Last November, for example, an attack on a pricing oracle on the decentralised lending platform Compound caused $100 million worth of liquidations.