Steadefi Strategic Leveraged Vault Mine Was Mined $1.1 Million, All Funds At Risk
Key Points:
- The Steadefi strategic leverage project was attacked with an estimated $1.1 million in damage.
- Currently, all funds are at risk as an attacker has taken possession of a wallet that implements the protocol.
- The project calls for the hacker to return the money to receive the 10% bonus, otherwise, that part will go to the tracker, and the hacker will face a lawsuit.
Steadefi, an automated earnings leverage strategy platform, said on Twitter that the protocol was hacked, and all funds are now at risk. According to security company CertiK Alert’s monitoring, Steadefi has lost about $1.1 million in this incident.
Steadefi briefly updated the specific situation regarding the hack in another tweet. It said that the wallet that implements the protocol (also the owner of all the vaults in the protocol) had been compromised.
All funds are in jeopardy because the attacker has taken ownership of all the vaults (loans and policies) transferred to a wallet they control and proceeds to perform many actions only for holders, such as allowing any wallet that can borrow any available funds from the loan vault to be swapped for ETH and bridged to Ethereum.
The depositor’s vault has not been exhausted (as of now) because the attacker has no sole owner function to withdraw the deposit from the vault. If a user deposits funds into the strategic vault, withdrawals are still made of the available assets (assuming the attacker does not pause the vault). The attacker also paused the liquidity mining contract, which means that if you (and most people) deposit svtoken or ibtoken into the farm, you won’t be able to withdraw them either, even though the attacker public can’t extract them either.
Although the protocol did not reveal the exact damage, they did send a message to the attacker’s wallet address to negotiate. Steadefi hopes to cooperate with the participation. The parties involved in the exploit will discuss the bounty issue and offer a 10% reward for the stolen funds.
Steadefi threatens that if the attacker returns 90% of the funds by August 10 at 08:00 UTC, the protocol will extend the bounty to the public, and offer the complete 10% to the identifiable person your character in a way that leads to your conviction in court.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.