Key Points:
The attacker seems to have stolen the tokens via a re-entrancy vulnerability, then switched them and bridged them to the Ethereum main chain.
According to CertiK, the fundamental reason is Balancer’s read-only reentry.
In order to determine the price, the price oracle employed depends on the balances of the assets in the pool and the total quantity of the LP tokens (B-33WETH-33WBTC-33USDC).
To influence the price, the exploiter used 606 WBTC, 10,000 WETH, and 18 million USDC to use the Balancer vault’s ‘joinPool’ function, increasing the overall supply of the LP coin. He then withdrew the funds by using ‘exitPool(),’ which sent 606.8 WBTC, 1,000 ETH, and 17.9 million USDC consecutively.
Among these transactions, moving ETH back will activate the exploiter contract’s fallback feature. Since the overall supply is reduced in the fallback function, but the recorded balances of WBTC, WETH, and USDC are not changed in the pool, the price is tilted, and the attacker may borrow numerous assets at the slanted price.
Sentiment is now examining the protocol’s stolen cash. The team has made efforts to determine the core cause of the breach and prevent the possibility of subsequent losses. The team has contacted law enforcement and has collaborated with third-party auditors and security organizations.
Sentiment sent a message to the hacker a few hours ago, promising to let them retain 10% of the stolen monies as a reward if they returned the remainder. The letter promised a $95,000 payment if the assets were returned before 8 a.m. UTC on April 6. If the prize is not returned, Sentiment will be distributed to individuals who provide information on the hacker.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News
In the third quarter of 2024, despite a challenging market environment, Gate.io maintained strong growth…
MEXC is proud to partner with the inaugural Crypto Content Creator Campus CCCC event, taking…
Dtec and DİZAYNVIP partner to merge AI technology with luxury vehicle design, revolutionizing smart mobility…
Bitcoin Spot ETF Outflows hit $541M on November 4, the second-highest single-day outflow in history.…
The hype around PropiChain’s token presale is due to its innovative integration of NFTs and…
UK pension fund Cartwright advised the country's first defined benefit pension fund to allocate 3%…
This website uses cookies.