An attacker executed a flash loan attack on an Avalanche stableswap platform, stealing several million dollars-worth of crypto.
16. februar opozorilo from blockchain security firm Certik disclosed that Platypus DeFi, a stablecoin swapping platform built on the Avalanche blockchain, lost $8.5 million in an exploit.
Platypus DeFi acknowledged the exploit on Twitter, rek that the hacker took advantage of its stablecoin’s solvency check mechanism. The protocol’s U.S.-dollar pegged stablecoin Platypus USD (USP) lost more than 50% of its value after the exploit. USP was trading at around $0.47 at the time of writing.
The Platypus DeFi team also appears to have attempted to communicate with the hacker, according to a message encoded in a transaction on the Avalanche blockchain.
“We can give you a very generous bounty (% of stolen funds) for your efforts in finding this issue. If you are acting as white hat, please get in contact with us,” preberite the message, viewable on Avalanche blockchain explorer Snowtrace.
Users have also reported that deposits and withdrawals on the main pool on the stableswap platform have been temporarily suspended.
Detektiv v verigi ZachXBT opozoriti that the hacker’s wallet address has already been blacklisted by Tether.
An independent analysis of the attack from on-chain analyst Daniel Von Fange found that the attacker used an “emergency withdraw” function on the smart contract to carry out the exploit.
V dve uri starem vdoru v Platypus je videti, da je napadalec položil 44 milijonov, si izposodil 42 milijonov in nato uporabil nujni dvig(), ki je napadalcu srečno vrnil vsa prvotno naložena sredstva – brez odbitkov za izposojo. pic.twitter.com/QncRrRYg8j
— Daniel Von Fange (@danielvf) Februar 16, 2023
“This is a bad look for USP auditors, who should have caught this relatively trivial bug,” tweeted web3 investor “@demirelo” on Twitter.
While the hacker made multiple contracts to execute the exploit, the bulk of stolen funds was executed through this first attack contract, which does not appear to have a mechanism to withdraw them from this location.
“seems there is a pretty good chance the attacker’s funds are trapped forever without a means for him to withdraw successfully from his attack contract,” tweeted Twitter user “@spreekaway.”
- Distribucija vsebine in PR s pomočjo SEO. Okrepite se še danes.
- Platoblockchain. Web3 Metaverse Intelligence. Razširjeno znanje. Dostopite tukaj.
- vir: https://unchainedpodcast.com/avalanche-based-defi-platform-loses-8-5m-in-exploit/
- 9
- a
- Po
- Naslov
- Prednost
- po
- že
- Analiza
- Analitik
- in
- zdi
- okoli
- napad
- poskus
- revizorjev
- Avalanche
- Avalanche Blockchain
- nazaj
- Slab
- NA ČRNEM SEZNAMU
- blockchain
- Blockchain varnost
- sposodim
- IZPOSOJENO
- Bounty
- Bug
- zgrajena
- opravlja
- ujete
- CertiK
- priložnost
- preveriti
- komunicirajo
- kontakt
- Naročilo
- pogodbe
- kripto
- Daniel
- Defi
- Platforma DeFi
- deponiran
- vloge
- prizadevanja
- izvršiti
- Izkoristite
- raziskovalec
- iskanje
- Firm
- prva
- Flash
- za vedno
- je pokazala,
- iz
- polno
- funkcija
- Skladi
- radodaren
- dobili
- Daj
- dobro
- kramp
- heker
- klobuk
- HTTPS
- in
- Neodvisni
- Investitor
- vprašanje
- IT
- posojila
- kraj aktivnosti
- Poglej
- POGLEDI
- Izgubi
- je
- Glavne
- pomeni
- Mehanizem
- Sporočilo
- milijonov
- več
- več
- Staro
- Na verigi
- izvirno
- platforma
- platon
- Platonova podatkovna inteligenca
- PlatoData
- prosim
- bazen
- precej
- protokoli
- relativno
- Prijavljeno
- varnost
- več
- shouldnt
- Sleuth
- pametna
- pametna pogodba
- Plačilna sposobnost
- stabilno
- ukradeno
- ukradenih sredstev
- Uspešno
- prekinjena
- skupina
- Tether
- O
- skozi
- čas
- do
- Trgovanje
- transakcija
- Res
- us
- ameriški dolar
- uporabnik
- vrednost
- za
- denarnica
- Web3
- ki
- bele
- WHO
- umaknejo
- Umiki
- brez
- pisanje
- Vi
- Vaša rutina za
- Zachxbt
- zefirnet