Security company blockchain Certik warned of the attack via Twitter on September 8. The attacker manipulated the NFD's "addMember()" function to add themselves as a member, allowing them to use the unsigned contract. Verified to make three flash loans.
#CertiKSkynetAlert 🚨September 8, 2022
New Free Knife - $NFD was exploited via flash loan attack gaining the attacker 4481 WBNB (approx. ~$1.25M) causing the token to slip in price 99%.
The attacker has connections to Neorder - $N3DR attack from 4 months ago where they took 930 BNB at the time. pic.twitter.com/5Rcht3YiIK
“New Free Dao was hit by a flash loan attack, losing 4,481 WBNB (about 1.25 million USD) causing NFD to drop 99%. The attacker has a connection to Neorder – N3DR attack from 4 months ago and took 930 BNB at that time".
Around 500,000 USD is said to have been exchanged to BUSD and laundered through the money mixer Ethereum punished Tornado Cash.
Attackers to Avalanche
In less than 24 hours, the crypto community was faced with two flash loan attacks, including one by Avalanche.
#CertiKSkynetAlert🚨September 7, 2022
CertiK Skynet has reported a #flashloan attack on #AVAX impacting contract 0xe767c… & some LPs. The attacker profited ~$370k USDC.
Possible invest protocols include:@nereusfinance @traderjoe_xyz @CurveFinance
Contact us for analysis.
Stay Frosty!☃️ pic.twitter.com/bZvtgVPpl4
“CertiK Skynet has reported a flash attack on AVAX affects contract 0xe767c… & some LPs. The attacker made $370k USDC. Protocols that may be affected include: Nereus Finance, Trader Joe and Curve Finance”.