Quickswap a DEX Based on Polygon suffers $220,000 loss due to a Flash Loan Exploit

By: Mark Jessy

Quickswap a DEX Based on Polygon suffers $220,000 loss due to a Flash Loan Exploit

October 25, 2022 7:23 AM

Quickswap, a decentralized exchange (dex) based in Polygon, lost $220K in a flash loan exploit on Monday, and the team has since announced that the Quickswap Lending platform will be shutting down as a result of the incident.


Mistakes, flash loans, faulty smart contracts, and unchecked lines of code have made 2022 a banner year for hacks in the decentralized finance (defi) industry, with billions stolen. Earlier this month, on October 24th, Quickswap disclosed a $220,000 hack into the Market XYZ lending market.


The team announced on Monday that "Quickswap Lend is closing" via their official Twitter account. According to the report, "$220K was exploited in a flash loans attack due to a vulnerability with the Curve Oracle, which [Market XYZ] was using. No other lending markets besides Market XYZ were hacked. Agreements with Quickswap will remain unchanged.


Qi Dao seeded the Market XYZ lending market, and "no user funds were compromised," Quickswap emphasized. As Quickswap Lend will be unsettled, the dex is advising users who have funds on Market XYZ's open markets to withdraw them immediately.


Following the recent Olympus DAO exploit and the hack of Mango Markets, hackers have turned their attention to Quickswap. After the exploit was used, Olympus, like several other recent defi projects, was able to negotiate with the hacker and get their money back. Over $3 billion has been stolen from cryptocurrencies this year, according to a study by Chainalysis, which was reported on by Coinnewsafrica last week.


Quickswap was discovered to be exploitable on October 11, 2022, according to blockchain audit and security firm Peckshield. Peckshield referred to the issue as one of "price manipulation" in a tweet. According to Peckshield's blockchain security analysts, "The Mimatic market uses Curvepooloracle for price feed, which is manipulated to borrow funds from the market."



Mimatic (MAI) is a stablecoin developed by Qi Dao, the originator of the seed funds used by the Market XYZ lending market. Chainsecurity, a blockchain security firm and Web3 auditor, revealed the vulnerability in a blog post published by Peckshield after the hack. According to data from coingecko.com, on October 23 Mimatic (MAI) fell to a low of $0.9895 per unit, but as of this writing, the stablecoin was trading at $0.993.