Dexible Exploited By Hackers Causing Damage $2 Million
- An exploit has affected the multichain exchange aggregator Dexible, and as a result, $2 million worth of crypto has been lost.
- A few whales accounted for around 85% of the losses, the study continued.
- Blockchain data reveals that BlockTower Capital, an investing company for digital assets, was one of the victims.
Early on Friday, the decentralized exchange aggregator Dexible was the victim of a $2 million hack, according to an announcement the protocol updated on its Discord channel.
The Dexible front end displays a popup warning about the vulnerability anytime users visit it as of 6:35 pm UTC on February 17.
According to a tweet from Dexible, the hacker was able to drain assets from cryptocurrency wallets containing funds that had been authorized for use by taking advantage of a flaw in the smart contract code.
The team announced that it had found a possible hack on Dexible v2 contracts at 6:17 am UTC and was looking into the matter. It sent a second statement saying it now knew $2,047,635 about nine hours later. A few whales accounted for around 85% of the losses, the study continued.
According to a report by Dexible, the attack affected 13 Arbitrum wallets and 5 Ethereum wallets. These wallets have been fully mined.
Around 4:00 pm UTC, a post-mortem report was published as a PDF file and made available on Discord. The team also stated that it was currently working on a remedial plan.
The team claims in the paper that it became aware of a problem after one of its founders had $50,000 worth of cryptocurrency removed for unclear reasons from his wallet. The team’s investigation revealed that an attacker had transferred over $2 million worth of cryptocurrency from users who had previously given the app permission to transfer their tokens using the selfSwap feature of the app.
The selfSwap function allowed users to swap one token for another by providing the address of a router and the calldata connected to it. however, the code didn’t contain a list of routers that had already been certified.
In order to transfer user tokens from their wallets into the attacker’s own smart contract, the attacker utilizes this method to route a transaction from Dexible to each token contract. The token contracts did not stop the counterfeit transactions since they were coming from Dexible, which users had previously given permission to use their tokens for.
Michael Coon, chief executive of Dexible, said:
“We have paused these contracts, while we get a full picture of the situation.”
According to blockchain data, BlockTower Capital, an investing company for digital assets, was one of the victims.
A wallet described as belonging to BlockTower by blockchain intelligence company Arkham Intelligence was emptied of almost $1.5 million in TRU tokens by the wallet address linked to the Dexible exploiter on the blockchain monitoring platform Etherscan. BlockTower Capital’s address has also been assigned by blockchain intelligence company Nansen.
Arkham’s blockchain transactions demonstrate that the exploiter sent the stolen TRU tokens to SushiSwap in order to exchange them for Ethereum (ETH). They then transfer ETH to TornadoCash, a cryptocurrency mixing service.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu