Fortress Protocol Hacked, Around $3M Stolen

Key Takeaways

  • Fortress Protocol has suffered an exploit, and its native token, i.e., FTS, is dropped by 42%.
  • Hacker has transferred all the funds, i.e., 1,048.1 ETH and 400,000 DAI, into Tornado Cash. Fortress Team has advised everyone to supply any assets to the prot0col at this moment.
Token Price Crash
Token Price Crash

Below is a quick overview of this project.

Fortress is an algorithmic money market and synthetic stable coin protocol designed to bring secure and trustless credit and lending to users on Binance Smart Chain. It enables investors to lend and borrow cryptocurrencies by pledging the platform an over-collateralized amount of cryptocurrency.

What was the Team’s Response to the Attack?

Around 8:18 AM IST, the Fortress team has tweeted and informed the community about this Attack. According to the team, This was an oracle manipulation attack to drain all funds.

Jetfuel Finance team, which is also behind the team Fortress Protocol project, was the first one to confirm this Attack on their official Twitter account today around 7:39 AM IST.

Here is the hacker’s address that started the Attack: https://bscscan.com/address/0xA6AF2872176320015f8ddB2ba013B38Cb35d22Ad. Next, the transaction address initiated the oracle attack: https://bscscan.com/tx/0x13d19809b19ac512da6d110764caee75e2157ea62cb70937c8d9471afcb061bf. Finally, here is the address of its official FTS token: https://bscscan.com/token/0x4437743ac02957068995c48e08465e0ee1769fbe.

All the stolen funds have been bridged to Ethereum and deposited into Tornado Cash. Below is the screenshot of all the transactions into Tornado Cash. The team has tweeted that We need the support of all of our partners and key organizations in the community to assist and try to freeze and bring back the funds! IF THERE IS ANYTHING ANYONE CAN DO, PLEASE DM US!

Transactions Of Hacker
Transactions of Hacker

How did the Attack occur?

This was the case of an oracle manipulation attack. Below is the screenshot of the code bug by PeckShield.

Fortress Protocol Hacked, Around $3M Stolen
Hacker’s Methodology

Anyone can hijack the chain oracle used by Fortress Protocol due to the lack of power verification. Below is the screenshot of exploited code by PeckShield.

Fortress Protocol Hacked, Around $3M Stolen

So basically, the hacker purchased FTS tokens and then took control of the governance contract. After that, he manipulated the loan contracts and finally borrowed a large amount of assets from the loan contracts. Then, finally bridged the funds to Ethereum and sent them to TornadoCash. In the screenshot below, we can see the complete movement of funds.

Hack Explained By Peckshield
Hack Explained by Peckshield

As crypto hacks are increasing nowadays, our readers should stay alert.

Here are some latest hacked projects our readers should know about:
  1. MM.Finance Hacked, Around $2M Stolen
  2. BAYC Instagram Hacked, Around $10M worth NFTs stolen
  3. Rari Capital Hacked, Around $80M Lost
  4. Saddle Finance Hacked, Around $10M Stolen
Default image
Yash Kamal Chaturvedi

Btech Computer Science, Maharshi Dayanand University, Rohtak (2023)

Crypto Products

Can’t find what you’re looking for? Type below and hit enter!