Indexed Finance Identifies $16 Million Hacker

Reading Time: 2 minutes
  • Indexed Finance claims to have identified the hacker that minted and sold $16 million worth of tokens
  • The hacker exploited a flash loan mechanism on Friday and crashed three indexes on the platform
  • Indexed Finance says it has identified the hacker and is deciding what to do with the information

DeFi exchange Indexed Finance claims to have identified the hacker that stole $16 million worth of tokens in a hack last week. The exchange, which focuses on indexes such as the Degen Index rather than specific coins, saw two of the six indexes on its platform lose over 88% of their value as the attacker was able to mint and sell new tokens following a flash loan exploit. After the offer of a bounty to return the coins expired, the Indexed Finance team claims to have tracked down and identified the hacker after following breadcrumbs he accidentally left.

Three Indexes Crashed After Exploit

The Indexed Finance hack occurred on Friday and saw the attacker take advantage of the flash loan mechanism by overloading the Indexed Finance protocol with new assets. This reduced the price of the tokens which allowed the attacker to mint new ones and cash them out, resulting in two of the six indexes on the platform DEFI5 and CC10 losing most of their value – DEF15 dropped from $88.73 to $3.67 (85% loss) while CC10 fell from $62.50 to $0.74 (98% loss). A third index, FFF, was so badly hit it will have to be scrapped.

Indexed Finance Says ‘We Know Who You Are’

On Saturday, Indexed Finance offered a $50,000 reward for the return of the tokens, but the hacker did not take them up on this offer. In the background, Indexed Finance was working with other crypto organisations and individuals to try and identify the hacker, which it announce yesterday had resulted in success:

What Indexed Finance does with the information is yet to be seen, but it seems that the hacker is in a far worse position than they were when they stole the funds on Friday. This of course is assuming that Indexed Finance is telling the truth and this isn’t a clever bluff.

The hack raises more questions over the efficacy of smart contract audits, as Indexed Finance was audited twice and the flash loan exploit was not picked up by either auditor.