DeFi Protocol Indexed Finance Loses $16 Million To a Hacker Attack

By Aleksandra Wilson
3 min read October 25, 2021

The DeFi protocol known as Indexed Finance got hacked at the beginning of October; the lost amount goes as high as $16 million. Index Finance is a decentralized finance project whose base is Ethereum. It issues tokens that track indexes in the market. Allegedly, the hacker got hold of the assets backing up the value of the index tokens and used the  opportunity to strike through a vulnerability in the smart contracts protocol. This project is the latest to be hacked in a series of attacks perpetrated by hackers trying to bring money into their pockets. 

How Was it Possible for Indexed Finance to Get Hacked?

The intrusion was a classic case of exploiting DeFi. The attacker employed the flash loan procedure, overloading the protocol with different new assets. That fact alone lowers the value of Indexed tokens, enabling the hacker to issue new ones and exchange them for cash. That’s precisely what happened this time; that’s how Indexed Finance got hacked. 

The Consequences

Currently, out of the six main assets in the protocol, two, DEFI5 and CC10 lost almost all of their value. One hour after the attack, DEFI5 had already dropped by 85%; the price went from $88.73 to an unfortunate new low of $3.67. CC10 was even more affected, declining by 98%, from a price of $62.50 to $0.74. The other three tokens known as NFTP, ORCL5, and DEGEN seem to be safe for now. And finally, the sixth asset, FFF, a meta index containing DEFI5 and CC10, was critically damaged and will have to end in the current form it is known. After Indexed Finance got hacked, a compensation plan was put in place.

The Hacker

On Friday 15th, the day after the hack, members of the project identified the culprit. The thief didn’t manage to cover his tracks well enough. Indexed Finance made him an offer in an attempt to resolve  the matter as soon as possible. Since they didn’t get a response from him, they proceeded with  an ultimatum. The company stated that they gave the attacker until Saturday midnight to refund all that was taken, or they would notify law enforcement. 

Later on, members of the DAO said through their Twitter account that they were pulling the breaks on the conditions previously stated. They found out that the hacker was a lot younger than they believed. They haven’t officially declared if they’re negotiating with him or what’s the current status of the situation.


DeFi is a flourishing industry and a bright new opportunity for projects that wish to automate financial tools, such as banks. Most are built on the blockchain that has the second biggest crypto by market capitalization, Ethereum. Although promising, we have  to be aware that it’s still an experimental industry in an unknown territory. The technology that serves as the foundation for the protocols is still very new, and obviously vulnerable to hackers. The decentralized finance space requires auditors to prevent attacks; until that happens, we should be aware of the risks. Mainly to avoid loses and unpleasantries, like the protocol users had to go through when Indexed Finance got hacked.

Load more sync