Key Points:
The attacker seems to have stolen the tokens via a re-entrancy vulnerability, then switched them and bridged them to the Ethereum main chain.
According to CertiK, the fundamental reason is Balancer’s read-only reentry.
In order to determine the price, the price oracle employed depends on the balances of the assets in the pool and the total quantity of the LP tokens (B-33WETH-33WBTC-33USDC).
To influence the price, the exploiter used 606 WBTC, 10,000 WETH, and 18 million USDC to use the Balancer vault’s ‘joinPool’ function, increasing the overall supply of the LP coin. He then withdrew the funds by using ‘exitPool(),’ which sent 606.8 WBTC, 1,000 ETH, and 17.9 million USDC consecutively.
Among these transactions, moving ETH back will activate the exploiter contract’s fallback feature. Since the overall supply is reduced in the fallback function, but the recorded balances of WBTC, WETH, and USDC are not changed in the pool, the price is tilted, and the attacker may borrow numerous assets at the slanted price.
Sentiment is now examining the protocol’s stolen cash. The team has made efforts to determine the core cause of the breach and prevent the possibility of subsequent losses. The team has contacted law enforcement and has collaborated with third-party auditors and security organizations.
Sentiment sent a message to the hacker a few hours ago, promising to let them retain 10% of the stolen monies as a reward if they returned the remainder. The letter promised a $95,000 payment if the assets were returned before 8 a.m. UTC on April 6. If the prize is not returned, Sentiment will be distributed to individuals who provide information on the hacker.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News
Analysts highlight a breakout alert as Shiba Inu (SHIB), and Dogecoin show signs of recovery…
SEC Chair Gary Gensler will step down on January 20, 2025, coinciding with President-elect Donald…
The MicroStrategy convertible notes offering, initially set at $1.75 billion, was increased to $2.6 billion…
Discover why Qubetics, Cosmos, and Chainlink are the best cryptos to buy in November 2024.…
Best Cryptos to Buy in December 2024: Qubetics ($TICS) presale explodes, Ethereum (ETH) eyes a…
Palo Alto, California, 21st November 2024, Chainwire
This website uses cookies.