Lendhub exploiter shifts revenues to tornadocash

Veröffentlicht: 27. Februar 2023, 17:39 Uhr

Aktualisiert: 27. Februar 2023, 17:49 Uhr

Von: Krypto News Österreich

lendhub, a relatively small cross-chain crypto credit platform that is operated on HECO, was exploited in early January of $ 6 million.

attack only possible due to poor coding

The attack was carried out due to a poorly carried out removal of an outdated IBSV CTOKEN. His already active replacement had an identical price point at the time, the the unknown bad Actors to manipulate pricing and to deduct crypto worth around $ 6 million from the platform.

According to the blockchain security researcher Semorn, an proper analysis of the attack will be difficult because the Smart Contracts that are responsible for the price of the two tokens have not been verified. In addition, the smart contracts themselves were not attacked, but only the tokens themselves that should not have been listed at the same time.

"While the relevant smart contracts are not verified-which makes an in-depth analysis difficult-the attacker did not have to take advantage of a smart contract weak point in order to carry out this attack. The attack was only possible because two competing versions of the same token were available on the market."

partial withdrawal on site

a little more than 1100 ETH at the time of around $ 1.79 million were sent to Tornadocash just a few hours after the exploit.

The rest of the stolen funds seems to move again, according to Peckshield and Beosin.
2415 ETH, which was worth over $ 3.8 million at the time of the creation of this article, were sent to Tornadocash.

#Peckshieldalert ~ 2.415,4 $ ETH (~ 3.85 million) in Tornado Cash from @lendhubdefi exploiters
lendhub was exploited, and on January 12th cryptos were stolen from his protocol. href = "https://t.co/8fzy3v2fe3" Data-Wpel-Link = "external"> pic.twitter.com/8fzy3v2Fe3

- Peckshieldalert (@peckshieldalert) 27. February 2023

This increases the total amount that has been transferred to Tornadocash to 3515.4 ETH, which currently has a value of over $ 5.7 million. The remaining hundreds of thousands are still in the attacker's wallet and will probably be sent to a crypto mixer shortly.

Fortunately, this story has a silver stripe on the horizon-that was the greatest Attack Crypto company in January and is far from the Harmony or Ronin attacks of last year. In total, cryptocurrencies worth around $ 8.8 million was lost in January, which corresponds to a reduction in the stolen value by over 90 % compared to January 2022

whether this is because developers start taking security more seriously, or other factors, it is important to remain aware that cyber security is a constant struggle - and if developers want to lead a positive success balance, they should be vigilant.