- The EVODeFi bridge front end was hacked.
- The bridge page was up whereas the home page was down.
- Users reported that funds were being sent to a foreign address.
Yesterday the EVODeFi bridge front end was hacked. The bridge page was up whereas the home page was down. Users reported that funds were being sent to a foreign address. EVODeFi then tweeted to inform its community: “We are finalizing to resolve the issue. The bridge will be up soon. We had trouble with the domain registrar. We will come out with a clear explanation within today. All funds are safe.”
EVODeFi's tweet thread further read: “The bridge is back to normal. You can bridge funds fast, smooth and safe again. The UI bug that caused the bridge stoppage was caused by our development service. We will give details shortly as we provide fast and secure service from the very beginning and want to keep up the good work for later. We’ve already started refunds. PLEASE NOTE: whether you don’t get your refund by 1:30 pm UTC today, please contact our mods.”
According to Rugdoc.io, the scammer hacked the front end and redirected the bridge to send funds to the address 0xc0d7862065a5da1e9bea774e06800466123f63ef. The hacked front end still used the old bridge contract, so no new approval was needed.
According to a Twitter user, the EVODeFi bridge was controlling ~$12M in assets in the Bridge contract, with an EOA (externally owned account) address initiating withdrawals. According to the thread he posted, if the private key of the withdrawer is compromised, the entire Bridge contract could be drained with a single `withdraw()` transaction. All the assets farming in ValleySwap should be bridged from EVODeFi, which means a compromise of EVODeFi will make ValleySwap collapse.
For users mining in ValleySwap, all the assets are literally stored in a contract controlled by an EOA address. The deployer of EVODeFi or anyone who has the withdrawer’s private key could transfer your funds out of the bridge instantly.