Poolz and Euler hit $2.3M total with back-to-back DeFi exploits

A hack spotted on Wednesday by Peckshield on Binance Smart Chain and Polygon caused Poolz Finance to lose around $390,000.

The blockchain security company noted that the hack may have been caused by an arithmetic overflow issue.

Poolz Finance hack, what we know

According to Peckshield, preliminary analysis points to an arithmetic overflow issue with Poolz Finance. In computer science, an arithmetic overflow occurs when an operation yields a result too large for the storage allotted to it. Meanwhile, Peckshield identified a repeating pattern on token vesting contracts by the same sender.

The `SafeMath` library source, written in Solidity, states:

“Arithmetic operations in Solidity wrap on overflow. This can easily result in bugs, because programmers usually assume that an overflow generates an error, which is standard behavior in high-level programming languages. `SafeMath` reinforces this intuition. It reverts when an operation overflows.”
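The difference the quote describes, as an added illustration: this is not Poolz's code (the article does not show the affected contract) and not Peckshield's analysis. The contract name, function names and sample amounts are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration; all names here are hypothetical.
contract OverflowDemo {
    /// Wrapping addition, the behaviour the quote describes.
    /// Compilers before 0.8.0 wrapped on every `+`; from 0.8.0 on,
    /// wrapping only happens inside an `unchecked` block.
    function wrappingSum(uint256[] memory amounts) public pure returns (uint256 total) {
        unchecked {
            for (uint256 i = 0; i < amounts.length; i++) {
                total += amounts[i];
            }
        }
    }

    /// SafeMath-style addition: detect the wrap and revert.
    function safeAdd(uint256 a, uint256 b) internal pure returns (uint256 c) {
        unchecked { c = a + b; }
        require(c >= a, "addition overflow");
    }

    /// Same loop, but every step goes through the checked addition.
    function checkedSum(uint256[] memory amounts) public pure returns (uint256 total) {
        for (uint256 i = 0; i < amounts.length; i++) {
            total = safeAdd(total, amounts[i]);
        }
    }

    /// Constructed input: two amounts whose true sum is 2**256 + 1,
    /// which does not fit in a uint256.
    function sample() public pure returns (uint256[] memory amounts) {
        amounts = new uint256[](2);
        amounts[0] = type(uint256).max;
        amounts[1] = 2;
    }

    /// Returns a wrapped total that is smaller than either input.
    function demoWrapping() external pure returns (uint256) {
        return wrappingSum(sample());
    }

    /// Reverts with "addition overflow" instead of returning a total.
    function demoChecked() external pure returns (uint256) {
        return checkedSum(sample());
    }
}
```

With Solidity 0.8.0 or later, a plain `+` outside `unchecked` also reverts on overflow, so the explicit check matters mainly for contracts compiled with older versions or for code that opts out of the built-in checks.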

Blockchain vigilante Bythos was the first to recognize Peckshield and tweet about the issue.

Poolz is a cross-chain decentralized IDO platform. Its infrastructure allows crypto projects to be funded before they go public. However, its POOLZ token has taken a hit of over 95% in the past day alone.

The current POOLZ price at $0.19 is down 99% from its all-time high. Almost two years ago, in April 2021, POOLZ touched an all-time high of $50.89.

Euler Finance hack preceded the event

On March 13, decentralized finance (DeFi) protocol Euler Finance suffered an exploit. BeInCrypto reported that day that hackers stole more than $195 million from the platform in a flash loan attack.

Euler then sent an on-chain message to the hacker. “If 90% of the funds are not returned within 24 hours, tomorrow we will initiate a $1M reward for information leading to your arrest and return of all funds,” it added.

The hackers reportedly moved funds from the protocol to two new accounts. The wallets were heavily loaded with the DAI stablecoin and Ethereum (ETH).

DeFi Protocols Still Have a Target on Their Back

In February, Platypus lost over $8.5 million in a flash loan raid. According to a report by Chainalysis, $3.8 billion worth of cryptocurrency was lost in 2022, making it the biggest year ever for hacking. The bulk of this money came from DeFi protocols.

These are based on Web2 attack patterns, according to David Schwed, chief operating officer of blockchain security firm Halborn. In a conversation with Chainalysis, he said, “A lot of the hacks we’re seeing aren’t necessarily Web3-centric, major exfiltration attacks. They’re traditional Web2 attacks that have Web3 implications.”




BeInCrypto has reached out to the company or the person involved in the story for an official statement regarding the recent development, but has yet to hear back.
