DeFi token VISR plunges by 95% following $8 million hack
Decentralized finance (DeFi) liquidity management protocol Visor Finance became yet another victim of hackers last night as perpetrator(s) siphoned over 8.8 million VISR tokens—worth $8.1 million at the time.
“On December 21st 2021 02:29:11 PM UTC a malicious contract drained Visor Finance’s staking contract of 8,812,958 VISR tokens. The attack was made possible by implementing the IVisor delegateTransferERC20 interface and calling the staking contract’s withdraw function with the desired VISR amount,” Visor Finance developers explained in a post-mortem today.
We will be restoring affected VISR stakers— Visor Finance (@VisorFinance) December 21, 2021
In other words, the hacker wrote their own smart contract and used it to manipulate Visor protocol’s “withdraw” function, allowing the attacker to drain the staking pool.
To remedy the situation, Visor now plans to issue a new token under a different ticker and use it to reimburse VISR holders in a 1:1 ratio.
“We have already begun the process of listing the new token on various registries in order to make sure the new token is visible and recognized by dexes and wallets starting day one,” Visor explained, adding:
“We are engaged with both Quantstamp and ConsenSys Diligence for December and January audits and this new staking contract will be included.”
Since the compensation plan will rely on a snapshot made before the hack occurred, currently “no one should buy VISR as it will not be redeemable for the new token,” the developers warned.
Indeed, the price of VISR plummeted by more than 95% shortly after the attack. At press time, the token was hovering at around $0.043—down 95.39% from $0.93 yesterday, according to CoinMarketCap.
Notably, this is already the second time Visor Finance got hacked this year, although the damage wasn’t so extensive last time around. Back in June, a hacker obtained access to an account that managed some of Visor’s admin functions and withdrew roughly $500,000 worth of assets from the protocol.Source