- SpiritSwap has been compromised. However, the team has caught this early, and only $18K has been lost.
Below is a quick overview of this project.
SpiritSwap is a decentralized exchange (DEX) on the Fantom Opera Chain. SpiritSwap’s design is based on the Uniswap constant-product automated market maker (AMM). In an AMM, liquidity providers deposit a pair of tokens, and an algorithm automatically makes markets for the token pair.
How did the Attack Occur?
An earlier diagnosis by the team suggested that the hacker had exploited AWS and changed the swap parameters so that swaps would go to a specific address. However, it was later found that the hacker had managed to exploit GoDaddy: they hijacked the team's domain, copied its codebase, and in the process changed the swap parameters.
There are no issues with SpiritSwap's smart contracts. The hacker has created their own version of the site on the original domain, and that site sends swaps to the hacker's wallet. The team cannot access the domain to take the site down. Funds are safe, but the domain is not.
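Because the tampered front end leaves the contracts untouched and only changes where a swap's output is sent, the recipient encoded in the transaction is what a wallet-side check can inspect before signing. The following is an added example, not code from SpiritSwap or the original article; it assumes a Uniswap V2-style router call `swapExactTokensForTokens` (selector `0x38ed1739`), and the helper names and addresses are constructed for illustration.

```javascript
// Added example (not SpiritSwap code): pre-signing check on a swap call.
// Assumption: Uniswap V2-style router function
// swapExactTokensForTokens(uint256,uint256,address[],address,uint256), selector 0x38ed1739.
const SWAP_SELECTOR = "38ed1739";
const WORD = 64; // hex characters per 32-byte ABI word

// Return the `to` (recipient) address encoded in the calldata, or throw if malformed.
function decodeSwapRecipient(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  if (hex.slice(0, 8) !== SWAP_SELECTOR) throw new Error("unexpected function selector");
  // Head words in order: amountIn, amountOutMin, offset(path), to, deadline
  const toWord = hex.slice(8 + 3 * WORD, 8 + 4 * WORD);
  if (toWord.length !== WORD) throw new Error("calldata truncated");
  if (!toWord.startsWith("0".repeat(24))) throw new Error("recipient word is not an address");
  return "0x" + toWord.slice(24);
}

// Compare the encoded recipient with the account that is about to sign.
function checkSwap(calldata, signer) {
  const recipient = decodeSwapRecipient(calldata);
  return { recipient, ok: recipient === signer.toLowerCase() };
}

// Build constructed sample calldata for the demo (hypothetical helper).
function buildSwapCalldata(to) {
  const pad = (h) => h.replace(/^0x/, "").toLowerCase().padStart(WORD, "0");
  const words = [
    pad("de0b6b3a7640000"),      // amountIn = 1e18
    pad("1"),                    // amountOutMin
    pad("a0"),                   // byte offset of path (5 head words * 32)
    pad(to),                     // recipient of the swap output
    pad("ffffffff"),             // deadline
    pad("2"),                    // path length
    pad("0x" + "11".repeat(20)), // constructed token address
    pad("0x" + "22".repeat(20)), // constructed token address
  ];
  return "0x" + SWAP_SELECTOR + words.join("");
}

const USER = "0x" + "aa".repeat(20);  // constructed signer address
const OTHER = "0x" + "bb".repeat(20); // constructed third-party address
console.log(checkSwap(buildSwapCalldata(USER), USER));  // recipient matches signer
console.log(checkSwap(buildSwapCalldata(OTHER), USER)); // recipient differs: do not sign
```

A mismatch is not always malicious, since some swaps are legitimately sent to another address, so the result is a prompt for review rather than a verdict.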
What was the Team’s Response to the Attack?
The team wanted to shut down the website as soon as they were notified of the attack, but the hack has made it difficult to do so. They have advised users not to interact with the site until they announce an update. The team will now wait for GoDaddy to take the current domain down, and will redeploy the site on a new domain if they cannot regain control of the original domain.
As crypto hacks are increasing nowadays, our readers should stay alert.