News

Rubic Lost More Than $1.4 Million Due To The Hack

Key Points:

  • More than $1.4 million was lost in total.
  • The attacker used the Tornado Cash mixing protocol to send 1,100 ETH.
As PeckShield reported, the Rubic exchange was hacked, resulting in a $1.4 million loss. The attacker has currently sent 1100 ETH to Tornado Cash.

The DEX aggregator Rubic works over many chains. Through the routerCallNative function of the RubicProxy contract, users have the ability to trade native tokens. It will first perform a check to determine whether or not the target Router of the desired call that was entered by the user is included on the white list for the protocol before redeeming.

Monitoring conducted by PeckShield revealed that the multi-chain exchange mechanism had been compromised, which led to the loss of more than 1.4 million US dollars. The adversary compromised the Tornado Cash mixing protocol by transferring 1,100 ETH.

Following an investigation into the stolen process, the SlowMist security team came to the conclusion that the primary motivation behind the attack was the protocol’s erroneous addition of USDC tokens to the whitelist maintained by the Router. This led to the theft of USDC tokens from users who were authorized to access the RubicProxy contract.

Only after the whitelist check will the user’s user-supplied target Router be called, and the user will also supply the data that will be used to make the call. Unfortunately, USDC coins have also been added to the whitelist of the Router component of the Rubic protocol. This makes it possible for any user to randomly call USDC tokens by using the RubicProxy contract.

As a consequence of this, malicious users take advantage of this vulnerability by making calls to the USDC contract through the routerCallNative function and transferring USDC tokens from users who are authorized to access the RubicProxy contract to the account of the malicious user through the transferFrom interface.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Chubbi

Coincu News

Chubbi

Share
Published by
Chubbi
Tags: cryptoDexhack
2 years ago

Recent Posts

Boost VC Invests in PoSciDonDAO, Welcoming It to Their Go-To-Market Program

Panama City, Panama, 19th December 2024, Chainwire

5 minutes ago

Curve Founder Liquidation: CRV Price Drop Triggers Sell-Off

Curve Founder Liquidation: Michael Egorov has been liquidated again, this time for $882,000 in CRV,…

35 minutes ago

Harbour Teams with Velocity Labs to Launch Instant Stablecoin Payment Between EU Banks and Polkadot

London, UK, 19th December 2024, Chainwire

1 hour ago

Is Qubetics the Next Big Thing? $7M Raised Alongside XRP’s Utility and Stellar’s Cross-Border Focus!

Discover the top three coins to invest in this weekend! Explore Qubetics, XRP, and Stellar's…

1 hour ago

Bety.com Introduces Blockchain-Powered Transparency and Fairness to Online Gaming

Victoria, Seychelles, 19th December 2024, Chainwire

1 hour ago

RWA Inc Expands Ecosystem with L2 Blockchain and DEX Launch

The L2 blockchain is at the core of RWA Inc’s ecosystem expansion, offering critical advantages…

2 hours ago

This website uses cookies.