- The Wrapped Leo (WLEO) DeFi project has lost over $40K in a recent attack.
- The LeoFinance team says they do not know how the WLEO contract got exposed, but they are investigating the matter.
Unarguably, decentralized finance (DeFi) has become the major focus of several hackers in the entire cryptocurrency space, given the influx of people and money in the market. Although the frenzy in the DeFi is gradually calming down, hackers are still looking to exploit vulnerabilities in some of the easy-going DeFi projects, sweep off funds from these projects, perhaps, leave investors in regret.
Another DeFi project loses $42,000
Today, Wrapped Leo (WLEO) and its investors have been named recent victims of hackers after the team confirmed in a blog post earlier today that about $42,000 was drained from the DeFi project.
To start with, It’s worth mentioning that WLEO has nothing to do with Bitfinex’s LEO token. However, the cryptocurrency in question is the wrapped version of the Leo token. The Leo token was reportedly issued on the Hive blockchain. WLEO is the tokenized Ethereum version of the cryptocurrency, which is essential for the holders to interact with the DeFi market on the Ethereum network. This is similar to WBTC, WETH, and others.
How WLEO was hacked
Following the information provided by LeoFinance on Monday, WLEO’s issuing contract/address got exposed, which enabled that unknown hacker to create the Wrapped Leo tokens for himself, which is cashed out in Ether (ETH) from the project’s Uniswap pool. Many of the token holders learned about the suspicious transactions and began withdrawing their liquidity from the Uniswap pool, which fortunately limited the amount of ETHs the hacker could cash out.
However, the hacker managed to drain $42,000 from the DeFi project’s pool in total, just before WLEO was closed down. As explained, the hacker cashed out the stolen ETH cryptocurrencies via non-KYC’d Binance accounts, which made it difficult to pinpoint who exactly was behind the attack. While the LeoFinance team is currently investigating the attack, they said it remains unknown how the project’s contract was exposed.