The Solana-based lending protocol Solend reported $1.26 million in bad debt due to an oracle attack. PeckShield, a security firm, reported the incident on Wednesday.
Solend operates a decentralised lending system that enables users to borrow and earn interest on crypto assets through lending pools.
The company recognised the vulnerability and reported that three loan pools were attacked, including Hubble stablecoins, Kamino tokens, and Coin98 tokens. Oracle attacks on USDH targeting the Coin98, Stable, and Kamino isolated pools were found, leading to $1.26M in bad debt, as Solend tweeted.
An oracle attack on USDH affecting the Stable, Coin98, and Kamino isolated pools was detected, resulting in $1.26M in bad debt. All other pools including the Main pool are safe.
Affected pools have been disabled and exchanges have been notified of the exploiter's address.
— 🙏🚫 Solend (we're hiring!) (@solendprotocol) November 2, 2022
Because of the event, the three pools were frozen. The Solend elaborated by saying that all other loan pools were unaffected. The Solend team claims that an attacker exploited a flaw in its price-data oracle, a technology intended to keep tabs on the value of various cryptocurrencies.
Inflating the value of some crypto assets and borrowing others with the purpose of never returning the borrowed amount are two common tactics used by hackers against loan systems. As a result, there is an increase in uncollectible debt levels. The Solend group has not yet made public its investigation findings.
***