By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts.
The NUM token lacked a permit function required by the Router protocol.
However, it did have a default callback function, which allowed forged signature to be passed in to trick the cross-chain bridge into transferring the user's assets.
We investigated one of the attack transaction carried out by the hacker.
The attack was front-run by a bot, which paid the builder approximately 10 ETH out of the entire profit.
The attacker created a fake anyToken using the attack contract which use $NUM as its underlying token.
The attacker then called the anySwapOutUnderlyingWithPermit function of the Multi-Chain Router contract to drain 557,754.45000198 $NUM tokens from one of the victim user.
This function should generally pass in token, and call the permit function of the underlying token for signature approval, before exchanging the token of the authorized user to the specified address.
In this case, since the $NUM token contract didn’t have a permit function, but it did have a callback function, which means that when an attacker sent in a fake signature, the callback function would return normally, so the transaction wouldn't fail.
Eventually, this allowed the $NUM token at the victim address to be transferred to the specified attack contract.
The attacker then used Uniswap to convert the profitable $NUM tokens into $USDC and then into WETH to collect their remaining rewards.
The team published a statement acknowledging the situation as a critical issue with the multi-chain bridge. They also advised $NUM users to disconnect wallet to multi-chain swaps and avoid those services until the issue is clarified.
A later post-mortem report from the team stated that the NUM token contract will be upgraded to prevent similar attacks in the future.
One way to alleviate the repercussions of this exploit could have been for the affected user to retract unrestricted permissions from the Multichain, thus diminishing the potential avenues for attack. This event followed a prior breach targeting the Multichain, resulting in a substantial loss of approximately $1.4 million.
In circumstances like these, the role of Neptune Mutual takes on paramount importance. Individuals who acquire our parametric cover policies are exempted from the necessity of furnishing proof for their losses in order to receive payouts. Once an incident is verified and resolved via our incident resolution system, payouts can be promptly claimed.
We provide a comprehensive assessment of security, spanning DNS and web-based security, meticulous reviews of smart contracts, and exhaustive evaluations of both frontend and backend security. Our solution empowers you to meticulously scrutinize your platform, fortifying it against both known and unforeseen vulnerabilities that could potentially lead to far-reaching and disastrous consequences. If you are truly dedicated to security and have the financial means, desire, and sense of responsibility, we encourage you to initiate a dialogue with us via social media to safeguard your protocol.
In conclusion, the attack on the Numbers Protocol serves as a vivid reminder of the imperative need for preemptive security measures within the DeFi realm. Neptune Mutual stands as an unwavering collaborator, reinforcing security measures and offering a robust framework to alleviate the impact of vulnerabilities, thereby cultivating a more secure and resilient ecosystem in the domain of decentralized finance.
We have sent email confirmation. Please confirm to receive our
newsletter.
Unfortunately, something went wrong while trying to complete your
request. Please try again later. If the problem persists, do not
hesitate to let us know through the community channels.
