key takeaways:
- RocketSwap Labs lost $865,000 on August 14 as a result of a severe security incident.
- To recover, RocketSwap quickly implemented an emergency strategy and relaunched a new farm contract.
The decentralized finance (DeFi) ecosystem has brought innovation and opportunities to the world of finance, but it’s not without its challenges. Recent events have highlighted the vulnerability of DeFi projects to exploits and breaches. One such incident is the RocketSwap exploit, where attackers managed to siphon off $865,000 from the project.
In response to the recent brute force hack that resulted in the unauthorized withdrawal of $865,000 worth of cryptocurrency, specifically 471 Ether, from RocketSwap Labs’ protocol on August 14, the project team has devised an emergency plan for recovery.
On August 15, the RocketSwap Labs team outlined their strategy, which involves several key actions. They intend to redeploy a new farming contract and make it open-source on the blockchain. Additionally, they plan to relinquish the minting rights, likely related to their RCKT token. Among the proposed measures, they also aim to communicate with the hackers with the hope of persuading them to return the stolen assets.
The hack occurred at 11:06 UTC on August 14 and revolved around exploiting a vulnerability in the Base project’s protocol. The attacker took advantage of this flaw to transfer approximately 471 Ether (ETH) from the Base blockchain to the Ethereum blockchain. This suspicious activity was detected and reported by PeckShield, a company specializing in blockchain security.
Following the hack, the perpetrator created a new token known as “LoveRCKT.” Subsequently, they transferred an extensive amount of this newly created token, specifically 90 trillion LoveRCKT, along with 400 ETH, to the Uniswap decentralized exchange.
The hacking incident that impacted RocketSwap Labs was attributed to a brute force attack on their server, as stated by the project itself. Their official announcement explained that the attack was characterized by an attempt to gain unauthorized access through aggressive and repeated attempts.
The exploit was successful due to a vulnerability associated with the proxy contract linked to their farm contract. Consequently, this vulnerability exposed multiple high-risk permissions, leading to the unauthorized transfer of assets from the farm. In response, immediate measures were taken to shut down the farm and mitigate any further potential risks.
RocketSwap Labs functions as a decentralized exchange operating within the Base platform. The project is driven by an ambitious vision, aiming to transition into a community-driven model through the implementation of a decentralized autonomous organization (DAO).
