
Cyber Incident Victim: Ola Finance

Date:

Mar 2022

Location:

Summary

A decentralized lending platform suffered a reentrancy attack resulting in approximately $4.67 million in cryptocurrency losses, including various stablecoins and tokens. The exploit allowed repeated fund withdrawals before transaction completion, prompting immediate measures such as pausing borrowing, halting new token minting, and setting interest rates to zero to protect users. The platform collaborated with partners and experts to trace the attacker and initiated negotiations for fund recovery in exchange for a bounty.


Description

On March 31, 2022, decentralized lending platform Ola Finance reported a security breach resulting in the theft of approximately $4.67 million in cryptocurrency. Blockchain analysis firm PeckShield identified the attack, detailing losses of 216,964.18 USDC, 507,216.68 BUSD, 200,000.00 fUSD, 550.45 WETH, 26.25 WBTC, and 1,240,000.00 FUSE tokens. The exploit leveraged a reentrancy vulnerability—a type of smart contract flaw enabling attackers to repeatedly withdraw funds before transactions finalized. This method had previously compromised other DeFi platforms, including Cream Finance ($29 million in August 2021) and Revest Finance ($2 million days earlier). Ola Finance operated as a lending infrastructure provider for Fuse Networks, which managed the network, and Voltage Finance, which supplied the user interface. The incident occurred amid heightened DeFi security concerns, following the $625.5 million Ronin Network hack days prior.


Upon detecting the exploit, Ola Finance immediately paused borrowing across all lending networks and halted new token minting. To mitigate borrower impacts, interest rate models were adjusted to 0% APY, preventing inflated interest accrual during the disruption. The platform advised users with existing loans against repayments until operations resumed, as collateral withdrawals remained blocked. Ola Finance collaborated with Fuse and external experts to trace the attacker and initiated efforts to negotiate a bounty-for-funds-return agreement—a tactic previously attempted by other exploited DeFi protocols with mixed results. A comprehensive patch was under development, requiring auditing before reactivating Voltage’s lending services. The attack underscored systemic risks in DeFi ecosystems, with Chainalysis noting $2.2 billion stolen from such protocols in 2021 alone. Operational disruptions and financial losses highlighted vulnerabilities in interconnected lending infrastructures reliant on smart contract security.
