Key Takeaways:
- After losing $14.5 million to a bug exploit, cryptocurrency vesting platform Team Finance declared that it had become the latest unfortunate victim.
- Users have been reassured by Team Finance that the funds on its platform are safe from the exploit, but services have been suspended pending a fix.
On October 27, Team Finance, a web3 infrastructure platform that helps companies secure tokens, experienced a hack that cost $14.5 million in lost assets, the company tweeted.
To stop further attacks, Team Finance has momentarily halted all platform operations. Now, the project is expecting that the cyber attackers will get in contact to talk about a reward payment and returning the money that was stolen.
The Ethereum-based project disclosed on Thursday that its audited Uniswap V2 to V3 migration feature had been misused. Later, the project claimed that respectable firm had carried out those evaluations.
Uniswap v3 was developed with increased precision for liquidity providers (LP) than v2 on its decentralised exchange. Even though v2 smart contracts continue to be in use, users must interact with a migration smart contract in order to transfer their LP assets from v2 to v3.
PeckShield identified that the initial strike vector required for this interaction only cost 1.76 Ether CAW, TSUKA, and KNDA tokens because the liquidity pools were “moved” to Uniswap v3.
The exploit and resulting liquidity crunch caused significant price drops for some of the affected coins, including CAW, on the decentralised market.In order to launch the attack, the hacker withdrew 1.76 Ethereum (ETH) tokens from FixedFloat.
The assailant kept all of the stolen property in a single wallet. According to PeckShield, the total loss also includes 880 ETH and 6.4 million DAI tokens.
Users were reassured by Team Finance that the same scammer is no no longer a danger to the platform’s remaining assets.
The team added that they had contacted the exploiter in an effort to find a solution. According to the update, the exploiter’s Ethereum wallet address has since been flagged and exchanges have reportedly been notified.
Decentralized exchange (DEX) Transit Swap was the first to be affected by the attacks, losing nearly $23 million as a result of a syntax error. Despite the project managing to recoup a sizable portion of the funds that were stolen after protracted negotiations, the majority of the damaged portals were not lucky enough to get a refund from their attackers.
Web3 and technological advancements undoubtedly go hand in hand, but so do the bad actors who exploit any chance they get. An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB at the beginning of October. According to the company’s calculations, there has been a loss of between US$70 and US$110 million in BNB.
