The Optimism-based decentralized credit market protocol, Exactly (EXA), has experienced a security breach resulting in the theft of approximately $7.2 million worth of Ethereum (ETH).
De.Fi, a web3 protocol’s security department, confirmed the incident and stated that the stolen amount consisted of 4,323.6 ETH. The hacker utilized Across Protocol to bridge around 1,490 ETH and sent 2,832.92 ETH to Ethereum blockchain via the Optimism Bridge.
In response to the hack, Exactly temporarily paused its protocol to investigate the issue. Users, however, can still withdraw their funds. Exactly assured investors that their team is actively working on the situation and will provide further details soon.
Blockchain security firm Beosin shed light on the exploit, explaining that the attacker manipulated the market address in the DebtManager contract. By passing a malicious market contract address and evading the permit check, the hacker executed a malicious deposit function to steal the USDC deposited by users. The attacker ultimately liquidated users’ assets for personal profit.
Root cause of the @ExactlyProtocol exploit:
The market address in DebtManager contract could be manipulated.
The attacker passed in a malicious market contract address, bypassing the permit check, and executed a malicious deposit function to steal the $USDC deposited by users.… https://t.co/NvFRyIAzeJ pic.twitter.com/XcmnUhibf1
— Beosin Alert (@BeosinAlert) August 18, 2023
The news of the hack had a significant impact on the price of EXA. Within the last 24 hours, the altcoin’s value plummeted by 32%, trading at $4.2 at the time of writing.
Legal Implications of the Exactly Protocol Hack
The Exactly Protocol hack has raised a number of legal implications, including:
The liability of the Exactly team for the hack. The Exactly team may be liable to users for the losses they suffered as a result of the hack. This could be based on a number of theories, including negligence, breach of contract, or fraud.
The possibility of a class-action lawsuit against the Exactly team. If a large number of users are affected by the hack, they may be able to file a class-action lawsuit against the Exactly team. This would allow them to pool their resources and pursue a legal remedy together.
The regulation of DeFi protocols. The Exactly Protocol hack has highlighted the need for more regulation of DeFi protocols. Governments and regulators around the world are still grappling with how to regulate these new and innovative financial products.
The impact of the hack on the DeFi ecosystem. The Exactly Protocol hack has shaken confidence in the DeFi ecosystem. It is possible that this will lead to a decrease in investment in DeFi projects and a decline in the use of DeFi protocols.
The legal implications of the Exactly Protocol hack are still unfolding. It is important to stay up-to-date on the latest developments and to seek legal advice if you have been affected by the hack.