Key Takeaway:
- Elephant Money(Reserve) got robbed of more than 11 million USD.
- The team is working with Certik to investigate this attacked.
Today morning Elephant Money Tweeted and informed their community that they are pausing the Reserve which will disable Stampede and the minting/redeeming of TRUNK. Elephant Money is working with its partners at Certik /InsurAce to investigate this attack.
Elephant Money has published a report and at the time of writing this, the report noted that they have not been administratively hacked and nothing has changed on the network from a contract perspective. They have requested their users to please reference the past activity of the ELEPHANT Deployer to confirm. The past activity can be viewed here.
According to the report, several smart contracts and resources were used to automate an attack against the ELEPHANT Treasury. They are currently investigating the specific transactions and attack vectors used to remedy the situation in the short term.
The base layer of the Elephant Money platform is secure and has stood up to this challenge. The exploit of the Reserve will be addressed and they will move on.
The exploitation was executed in a single smart contract tx located at the tx hash 0xec317deb2f3efdc1dbf7ed5d3902cdf2c33ae512151646383a8cf8cbcd3d4577. They are working with their partners to investigate this.
The ELEPHANT Reserve has been officially paused. Stampede and the Reserve will no longer function when trying to execute transactions. If Metamask says the Tx will fail it will and the user will burn BNB. The user will continue to earn Stampede rewards throughout this process. Reserve reward pools will be adjusted down from the inflated numbers created by the attack. TRUNK Rewards and performance pools will be adjusted to $2.5M and $500K respectively.
According to their report, the official loss from this exploit is 27,416 BNB, valued at $11.2M at the time of writing.