Pythia Finance decentralized finance protocol has US $53 thousand stolen
Pythia Finance, a decentralized finance (DeFi) protocol specializing in algorithmic stablecoins, suffered a loss of $53,000 due to a reentrancy attack on September 3, as reported by blockchain security firm Quill Audits.
A reentrancy attack is a type of exploit in which an attacker repeatedly calls a vulnerable smart contract function before the previous function execution is completed, allowing them to manipulate the contract's state in unintended ways. This is typically done by using a malicious contract that triggers the targeted function to re-enter itself multiple times within a single transaction, often before the contract can update its internal state or balances. The attacker can exploit this loophole to drain funds.
The attack exploited a vulnerability in the protocol’s "claim rewards" function, which allowed the attacker to repeatedly call the function without updating the reward balance, enabling them to collect rewards in excess of what was legitimately available.
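The ordering flaw described above can be shown in a small model. This is an added example, not Pythia Finance's contract code: `RewardPool`, `CallbackAccount` and `run` are hypothetical names, and the amounts are constructed. It runs the same claim with the reward balance zeroed after the payout (vulnerable) and before it (the checks-effects-interactions ordering).

```python
class RewardPool:
    """Constructed model of a rewards pool (not Pythia Finance's contract code)."""

    def __init__(self, funds, effects_first):
        self.funds = funds                  # tokens held by the pool
        self.rewards = {}                   # account name -> unclaimed reward
        self.effects_first = effects_first  # True = zero the balance before paying

    def claim_rewards(self, account):
        amount = self.rewards.get(account.name, 0)
        if amount == 0 or amount > self.funds:      # check
            return 0
        if self.effects_first:
            self.rewards[account.name] = 0          # effect before interaction
        self.funds -= amount
        account.receive(self, amount)               # interaction: runs recipient code
        if not self.effects_first:
            self.rewards[account.name] = 0          # too late: recipient already re-entered
        return amount


class CallbackAccount:
    """Recipient whose receive hook calls claim_rewards again, up to max_depth times."""

    def __init__(self, name, max_depth):
        self.name, self.max_depth = name, max_depth
        self.balance = 0
        self.depth = 0

    def receive(self, pool, amount):
        self.balance += amount
        if self.depth < self.max_depth:
            self.depth += 1
            pool.claim_rewards(self)                # re-enter before the first call returns


def run(effects_first, reward=10, pool_funds=100, max_depth=4):
    """Return (amount received by the account, funds left in the pool)."""
    pool = RewardPool(pool_funds, effects_first)
    acct = CallbackAccount("acct", max_depth)
    pool.rewards[acct.name] = reward
    pool.claim_rewards(acct)
    return acct.balance, pool.funds


if __name__ == "__main__":
    print("balance zeroed after payout: ", run(effects_first=False))
    print("balance zeroed before payout:", run(effects_first=True))
```

With the balance zeroed only after the payout, every nested call still sees the full reward; with it zeroed first, the nested call finds nothing to claim.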
According to Quill Audits' partial audit report, there are currently no unresolved security issues, suggesting that Pythia Finance may have already upgraded its smart contracts to prevent future exploits.