On October 27, 2022, Team Finance was exploited for approximately $14.5 million worth of tokens.
Team Finance is a security toolkit for founders who want to create a token and raise funds from a community of investors.
The root cause of this vulnerability is a lack of proper validation in the contract's function. This allowed a fake token to be added to the contract, which was then used as a parameter to migrate the tokens from the pool.
4. The contract only verified that the contract's caller has a valid deposit address, meaning that any amount of tokens can be locked by a potential hacker.
5. A fake token is locked in this attack transaction.
6. The attacker can arbitrarily specify the token pair to migrate the liquidity amount of the locked fake token.
7. The actual number of tokens to migrate is determined by the user-controlled parameter in params, and the migrated LP is returned to the caller in its entirety.
8. The initial price of the V3 liquidity pool is also disrupted through sqrtPriceX96. By doing so, the attacker is able to obtain a large refund during the migration process.
9. The perpetrator took this opportunity to illegally migrate $WTH, $CAW, $USDC, and $TSUKA tokens from the V2 to the V3 liquidity pool.
The team announced via Twitter that they have temporarily paused all activity on their platform until they are certain that the exploit has been remedied. They have also urged the exploiter to contact them in order to receive a bounty payment.
The exploiter started communicating with the team through a series of decoded messages as seen in this transaction. According to reports, the exploited funds have begun flowing back to the project, with the hacker keeping a portion of the proceeds as a bug bounty reward.
The failure to validate parameters or instructions can have disastrous consequences for a project team. It is recommended that strict test cases be used to validate the overall workflow of the smart contract functionalities.
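The checks missing in the steps listed above can be modelled off-chain and turned into test cases. The following is an added example, not Team Finance's code: a Python model in which the `Lock` and `MigrateParams` field names, the reference price input and the 100 bps tolerance are all assumptions, and the addresses are constructed placeholders.

```python
from dataclasses import dataclass

Q96 = 2 ** 96  # fixed-point scale used by sqrtPriceX96

@dataclass(frozen=True)
class Lock:               # one entry in the locker's deposit table (assumed shape)
    owner: str
    token: str            # address of the locked LP token
    amount: int

@dataclass(frozen=True)
class MigrateParams:      # caller-supplied values (field names are assumptions)
    pair: str             # V2 pair whose liquidity is to be migrated
    liquidity: int        # amount of LP to migrate
    sqrt_price_x96: int   # initial price for the new V3 pool

def check_as_described(lock, caller, p):
    """The only check the write-up describes: the caller owns a lock."""
    return [] if lock.owner == caller else ["caller does not own this lock"]

def check_hardened(lock, caller, p, ref_sqrt_price_x96, max_dev_bps=100):
    """Bind every caller-supplied parameter to the lock and to a trusted price."""
    errors = check_as_described(lock, caller, p)
    if p.pair != lock.token:
        errors.append("pair is not the token held by this lock")
    if not 0 < p.liquidity <= lock.amount:
        errors.append("liquidity is not within the locked amount")
    # Integer-only deviation test, the way on-chain code would have to do it.
    deviation = abs(p.sqrt_price_x96 - ref_sqrt_price_x96)
    if deviation * 10_000 > max_dev_bps * ref_sqrt_price_x96:
        errors.append("sqrtPriceX96 deviates from the reference price")
    return errors

# Constructed sample: a lock on a worthless token, reused against a real pair.
FAKE_LOCK = Lock(owner="0xCALLER", token="0xFAKE", amount=1)
BAD_PARAMS = MigrateParams(pair="0xPAIR", liquidity=10**18,
                           sqrt_price_x96=Q96 // 1000)
# Constructed sample: a legitimate migration of half of a real lock.
REAL_LOCK = Lock(owner="0xCALLER", token="0xPAIR", amount=10**18)
GOOD_PARAMS = MigrateParams(pair="0xPAIR", liquidity=5 * 10**17,
                            sqrt_price_x96=Q96 + Q96 // 1000)

if __name__ == "__main__":
    print("owner-only check:", check_as_described(FAKE_LOCK, "0xCALLER", BAD_PARAMS))
    print("hardened check:  ", check_hardened(FAKE_LOCK, "0xCALLER", BAD_PARAMS, Q96))
    print("legitimate call: ", check_hardened(REAL_LOCK, "0xCALLER", GOOD_PARAMS, Q96))
```

The reference price is assumed to come from a source the caller cannot set, such as the existing pool's reserves or a time-weighted average.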
Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.
Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance. It has an easy and reliable on-chain claim process. This means that when incidents are confirmed by our community, resolution is fast.
Join us in our mission to cover, protect, and secure on-chain digital assets.
Official Website: https://neptunemutual.com