Umbrella Network Hacked: $700K Lost
The DeFi world has been compromised, again. This time, hackers targeted Umbrella Network’s reward pools, and the incident resulted in $700k being drained from both BNB Chain and Ethereum.
On March 20, 2022, Uno Re’s partner, Umbrella Network, announced that the LP tokens staked in their Polar Stream staking contracts on Ethereum and BNB Chain had been drained from both contracts. Reportedly, the hacker then used the stolen LP tokens to withdraw liquidity from both the UMB-ETH Uniswap and the UMB-BNB Pancakeswap pools.
DeFi is no stranger to such hacks: there were 83 DeFi exploits in the past two years, excluding the Umbrella hack, with lost funds totalling approximately $2.3 billion at the time of these exploits.
How did it happen?
The investigation revealed that the hack was possible due to an underflow bug in the smart contract code. These kinds of bugs stem from the fact that computers don’t understand the concept of infinity: an integer variable can only hold values within a fixed range. An underflow occurs when a calculation produces a number smaller than the minimum of that range, and the stored value wraps around instead.
Going back to the Umbrella Network hack, the hacker or hackers exploited the bug in the subtraction code below in the withdraw method of the contract.
This allowed the exploiter to withdraw an arbitrary amount of LP tokens from the smart contract. Consequently, the hackers reportedly gained $700k. As mentioned above, this was possible because of an unchecked underflow in the withdrawal.
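The class of bug described above, as an added example that is not part of the original post and is not Umbrella Network's contract code: a hypothetical staking pool whose withdrawal subtracts without a bounds check, next to a hardened version. The contract, interface, function and variable names are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token interface (illustration only).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Illustrative staking pool; every name here is an assumption for this example.
contract StakingPoolSketch {
    IERC20 public immutable lpToken;
    uint256 public totalStaked;
    mapping(address => uint256) public balances;

    constructor(IERC20 _lpToken) {
        lpToken = _lpToken;
    }

    function stake(uint256 amount) external {
        require(amount != 0, "zero amount");
        totalStaked += amount;
        balances[msg.sender] += amount;
        require(lpToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    // VULNERABLE: `unchecked` reproduces the wrapping arithmetic that was the
    // default before Solidity 0.8. With balances[msg.sender] == 0 and
    // amount == 100, the subtraction wraps to 2**256 - 100 instead of
    // reverting, so the pool pays out LP tokens that other users staked.
    function withdrawUnchecked(uint256 amount) external {
        require(amount != 0, "zero amount");
        unchecked {
            totalStaked = totalStaked - amount;
            balances[msg.sender] = balances[msg.sender] - amount;
        }
        require(lpToken.transfer(msg.sender, amount), "transfer failed");
    }

    // HARDENED: explicit balance check, plus the checked arithmetic that
    // Solidity 0.8+ applies by default; an oversized amount reverts.
    function withdraw(uint256 amount) external {
        require(amount != 0, "zero amount");
        require(balances[msg.sender] >= amount, "insufficient stake");
        totalStaked -= amount;
        balances[msg.sender] -= amount;
        require(lpToken.transfer(msg.sender, amount), "transfer failed");
    }
}
```

When reviewing contracts compiled with a pre-0.8 compiler or containing `unchecked` blocks, every subtraction on a user balance should be preceded by a bounds check or use a checked-math library.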
What has the Umbrella Network hack taught us?
Only a week ago, we discussed why staking pools need insurance protection. This unfortunate coincidence once again proves that the smart contracts on which staking pools operate can be easily exploited.
Underflow bugs are extremely common in smart contracts. Taking such attacks seriously is therefore the logical thing to do, as this particular case unfortunately indicates there are more to come.
Uno Re, the world’s first decentralised insurance and reinsurance platform, dedicates itself to maintaining the security of the DeFi space to contribute to its growth. With that goal in mind, Uno Re has been conducting comprehensive research on smart contract vulnerabilities in staking pools and reward pools.
A partner of Uno Re, Umbrella Network has active insurance coverage in place, ensuring Uno Re will compensate for losses suffered by users as a result of a criminal act aiming to exploit the smart contract vulnerabilities.
We are well aware that the real victims of such malicious attacks are the users who invest their hard-earned money in DeFi platforms. Uno Re believes DeFi is a revolution that will change the understanding of finance at a fundamental level and aims to provide all its parties with the peace of mind they have been yearning for, the future of DeFi — insurance.
Currently, Uno Re and Umbrella Network teams are evaluating the situation and conducting our due diligence and claim assessment. We will help our partner’s users to recover from this unfortunate event as their insurance provider. More details regarding the process will follow soon.
About Uno Re
Uno Re is the world’s first decentralised insurance and reinsurance platform, allowing the community to invest and trade in ‘risk’ and receive sizable returns on their investments in one of the safest asset classes in the world. The platform will break barriers to entry for the retail investor by doing away with the historic pre-requisite of absurdly high capital generally needed to invest into the market while also introducing much-needed transparency into the industry as a whole. Uno Re will also allow the community to propose innovative insurance products to the space, thus propelling a new generation of Insurtech companies powered by the Uno Re ecosystem.