Crew Finance exploited for $14.5M during protocol migration despite contract audit

by Jeremy

On Oct. 27, decentralized finance (DeFi) lockup protocol Crew Finance said that over $14.5 million worth of tokens had been exploited via the Uniswap v2-to-v3 migration function on its platform. According to blockchain security firm PeckShield, the hacker transferred liquidity from Uniswap v2 assets on Crew Finance to an attacker-controlled v3 pair with skewed pricing. By locking tokens to the contract, the attacker bypassed existing validation mechanisms and pocketed the large leftovers as a refund, for profit.

Uniswap v3 was designed with higher efficiency for liquidity providers (LPs) than v2 on its decentralized exchange. However, v2 smart contracts are still operational, and users must interact with a migration smart contract to migrate their LP assets from v2 to v3. PeckShield estimated that the initial attack vector required for this interaction cost just 1.76 Ether (ETH).
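As an added illustration (not from the article, PeckShield or the protocol's code), the Python model below shows why migrating into a pool with skewed pricing leaves a large refundable leftover, and how a pre-migration guard can reject it. It assumes a full-range v3 position and ignores fees and tick rounding; the function names, tolerances and sample amounts are constructed.

```python
from math import sqrt

def full_range_migration(amount0, amount1, pool_price):
    """Model adding (amount0, amount1) as full-range liquidity at pool_price
    (token1 per token0). Returns (used0, used1, refund0, refund1)."""
    sp = sqrt(pool_price)
    # The scarcer side at the pool's current price caps the liquidity minted.
    liquidity = min(amount0 * sp, amount1 / sp)
    used0, used1 = liquidity / sp, liquidity * sp
    return used0, used1, amount0 - used0, amount1 - used1

def check_migration(amount0, amount1, pool_price,
                    max_deviation=0.01, max_refund=0.01):
    """Guard to run before migrating v2 reserves into a v3 pool.
    Rejects when the destination price has drifted from the price implied
    by the v2 reserves, or when too much of either token would be refunded."""
    if amount0 <= 0 or amount1 <= 0 or pool_price <= 0:
        return False, "non-positive amount or price"
    v2_price = amount1 / amount0  # price implied by the v2 reserves
    deviation = abs(pool_price - v2_price) / v2_price
    if deviation > max_deviation:
        return False, f"pool price deviates {deviation:.2%} from v2 price"
    _, _, refund0, refund1 = full_range_migration(amount0, amount1, pool_price)
    refund_share = max(refund0 / amount0, refund1 / amount1)
    if refund_share > max_refund:
        return False, f"refund would be {refund_share:.2%} of a migrated token"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample: 1,000 token0 and 2,000,000 token1 (v2 price 2,000).
    a0, a1 = 1_000.0, 2_000_000.0
    for price in (2_000.0, 2_010.0, 2_000.0 * 10_000):
        _, _, r0, r1 = full_range_migration(a0, a1, price)
        print(price, check_migration(a0, a1, price), round(r0, 4), round(r1, 4))
```

In this model a destination price 10,000 times the v2 price consumes only 0.1 of the 1,000 token0 units, so 99.99% of that token comes back as a refund; a guard of this kind also needs the refund to be paid to the owner of the locked position rather than to whoever calls the migration.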

Drained assets include USD Coin (USDC), CAW, TSUKA and KNDA tokens, as the liquidity pools were “moved” to Uniswap v3. On the decentralized exchange, some of the affected tokens, such as CAW, suffered steep price declines due to the exploit and subsequent liquidity crunch.

Crew Finance said that the smart contract had been previously audited and urged the hacker to “get involved with us for a bounty cost.” As a result, developers have temporarily paused all activity on the protocol and claim that all funds on the platform are not at risk of a further exploit. Founded in 2020, Crew Finance and its parent company, TrustSwap, provide token liquidity locking and vesting services for project executives. The protocol claims to have $3 billion secured across 12 blockchains.