Vee Finance Exploited for $35M Worth of BTC and ETH

Shortly after launching on the Avalanche network, decentralized finance (DeFi) platform Vee Finance was hit by an exploit that saw around $35 million in BTC and ETH being stolen, the platform said in a blog post on 21 September.

According to the announcement, Vee Finance noticed some suspicious activities on its platform on 20 September, and quickly suspended its contracts alongside its deposit and borrow functions. Despite the effort, the attacker was still able to drain almost 8805 ETH and 214 BTC, worth around $35 million at current prices. The platform said in its blog post:

“We are taking and handling this incident seriously and will do our best to protect the interests of VEE Finance users. We will keep you updated on this matter through our social media and community announcements.”

After investigating, the Vee Finance team found that the attacker had collected all of the stolen tokens into a single address. The team also assured users that the incident only occurred in the “pending contract”, and that the assets in its “Stable Coin sector” — including USDT.e, USDC.e, and DAI.e — were not affected. The Vee Finance team also published a tweet informing the attacker they were ready to launch a bounty program for the bug he had “identified”, imploring him to contact them via email or any other contact he preferred.

Vee Finance, which launched on the Avalanche network on 14 September, is a DeFi lending platform focused on supporting a variety of mining mechanisms, such as liquidity, transaction, and leveraged mining. On Saturday, the platform published a blog post claiming to have surpassed $300 million in total value locked.

The new DeFi exploit happened less than ten days after another Avalanche project, Zabu Finance, was hacked for $3.2 million worth of tokens.