Visor Finance, an active liquidity management protocol, has become the latest victim of a decentralized finance (DeFi) hack this week.
In the late hours of December 21, the DeFi protocol team tweeted about the incident. According to the statement, the staking contract had been exploited and user funds would be replaced.
Working on a solution
“We’re aware of a vulnerability in the vVISR staking contract and are working on a fix for affected VISR users. There are no positions or hypervisors in jeopardy,” Visor Finance said.
Visor announced an hour later that it would be executing a token migration based on a snapshot taken prior to the breach.
A rogue smart contract emptied the protocol’s staking contract of 8,812,958 VISR tokens, according to a post mortem released a few hours later by the Visor team. This was worth roughly $8.1 million at the time of the exploit.
The staking contract has a bug that allows a user-created contract to manipulate the transfer function and empty the staking pool.
Although it is a little late, Visor Finance has stated that its current audits are underway and that a new contract will be drafted.
This isn’t the first time
Both Quantstamp and ConsenSys Diligence are on board for the December and January audits, which will incorporate this new staking contract.
The team announced that a new coin will be launched, with a new ticker symbol replacing the previous VISR ticker.
It went on to say that this has already begun and that users will be compensated 1:1 with the new token, which it has begun listing.
The blog post stated, “No one should buy VISR because it will not be redeemed for the new token.”
This isn’t the first time the protocol has been compromised. In late June, a hacker gained access to an account that handled part of the company’s administrative tasks, resulting in the theft of about $500,000.