On November 12, 2020, the DeFi savings protocol Akropolis lost approximately $2 million in DAI from its yCurve and sUSD savings pools. The attacker deployed a fake ERC-20 token whose transferFrom re-entered Akropolis's deposit logic, allowing them to be credited pool shares without delivering real collateral.
What happened
Akropolis's savings pools followed a standard pattern: a user calls deposit, the pool pulls the user's tokens via transferFrom, then credits the user with pool shares proportional to the deposit.
The pool did not validate that the deposited token was a legitimate, expected asset, and the deposit path lacked reentrancy protection. The attacker exploited both omissions together:
- Deployed a fake ERC-20 token whose transferFrom contained a callback into Akropolis's deposit function.
- Called deposit specifying the fake token.
- When the pool invoked the fake token's transferFrom, the callback re-entered deposit and, via flash-loaned real DAI used inside the reentrant call, manipulated the pool's accounting so the attacker was credited pool shares far exceeding their real contribution.
- Withdrew the inflated share position for real DAI from the pool.
- Drained ~$2M across the affected pools.
Aftermath
- Akropolis paused the affected pools and published a post-mortem.
- The team committed to a compensation plan; recovery from the attacker was minimal.
- The AKRO token and protocol standing were significantly damaged.
Why it matters
Akropolis is one of the earliest "fake-token + reentrancy" compound exploits in DeFi — predating the better-known Grim Finance (2021), BurgerSwap (2021), and Orion Protocol (2023) instances of the identical pattern.
The compound bug is always the same two omissions:
- No validation that the deposited/swapped token is a legitimate expected asset (the Pickle / Cashio "trusted address from untrusted caller" class).
- No reentrancy guard on the deposit path (the DAO class).
Either alone is often survivable; together they are a complete drain primitive. Akropolis in November 2020 is one of the first clean catalogue instances — and the fact that the exact same compound bug recurred for years afterward, across chains and teams, is one of the catalogue's clearest demonstrations that knowing about a vulnerability class as an industry does not prevent individual teams from shipping it. The defensive primitives (token allowlists + nonReentrant) were freely available in 2020 and remain freely available; the bug keeps shipping anyway.
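As an added illustration that is not Akropolis's contract code, the deposit pattern the write-up describes (any token accepted, external call before shares are recorded) next to a hardened form using the two defensive primitives named above; the share math is simplified, and OpenZeppelin v5 import paths are assumed:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Vulnerable pattern: the caller chooses the token address, and the pool calls into
// it before updating any state, so a malicious transferFrom can re-enter deposit.
contract VulnerablePool {
    mapping(address => uint256) public shares;
    uint256 public totalShares;
    uint256 public totalAssets;

    function deposit(address token, uint256 amount) external {
        // External call into an untrusted contract (no allowlist, no guard).
        IERC20(token).transferFrom(msg.sender, address(this), amount);
        // State is updated only after the call: a reentrant deposit sees stale
        // totalShares/totalAssets and can be credited shares it never funded.
        uint256 minted = totalShares == 0 ? amount : amount * totalShares / totalAssets;
        shares[msg.sender] += minted;
        totalShares += minted;
        totalAssets += amount;
    }
}

// Hardened pattern: single trusted asset (allowlist), nonReentrant on the deposit
// path, and shares credited only for the balance the trusted token actually delivered.
contract HardenedPool is ReentrancyGuard {
    address public immutable asset; // the one accepted underlying, e.g. DAI
    mapping(address => uint256) public shares;
    uint256 public totalShares;

    constructor(address trustedAsset) { asset = trustedAsset; }

    function deposit(address token, uint256 amount) external nonReentrant {
        require(token == asset, "token not allowed"); // allowlist check
        uint256 before = IERC20(asset).balanceOf(address(this));
        require(IERC20(asset).transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = IERC20(asset).balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        // Proportional to what arrived, measured against the pre-call balance.
        uint256 minted = (totalShares == 0 || before == 0)
            ? received
            : received * totalShares / before;
        shares[msg.sender] += minted;
        totalShares += minted;
    }
}
```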
Sources & on-chain evidence
- [01] halborn.com: https://www.halborn.com/blog/post/explained-the-akropolis-hack-november-2020
- [02] decrypt.co: https://decrypt.co/48081/defi-platform-akropolis-admits-to-being-hacked-for-2-million
- [03] rekt.news: https://rekt.news/akropolis-rekt