Rubic Lost More Than $1.4 Million Due To The Hack

Key Points:

  • More than $1.4 million was lost in total.
  • The attacker used the Tornado Cash mixing protocol to send 1,100 ETH.

As PeckShield reported, the Rubic exchange was hacked, resulting in a $1.4 million loss. The attacker has so far sent 1,100 ETH to Tornado Cash.

Rubic is a DEX aggregator that works across many chains. Users can trade native tokens through the routerCallNative function of the RubicProxy contract. Before performing the exchange, the function first checks whether the target Router supplied by the user is on the protocol's whitelist.

Monitoring by PeckShield revealed that the multi-chain exchange had been compromised, leading to a loss of more than 1.4 million US dollars. The attacker transferred 1,100 ETH to the Tornado Cash mixing protocol.

After investigating the theft, the SlowMist security team concluded that the root cause of the attack was the protocol's erroneous addition of the USDC token to the whitelist maintained by the Router. This led to the theft of USDC tokens from users who had authorized (approved) the RubicProxy contract.

The user-supplied target Router is called only after the whitelist check passes, and the user also supplies the data used to make the call. Unfortunately, the USDC token had also been added to the whitelist of the Rubic protocol's Router component. This made it possible for any user to make arbitrary calls to the USDC token through the RubicProxy contract.

As a result, a malicious user could call the USDC contract through the routerCallNative function and use the transferFrom interface to transfer USDC tokens from users who had authorized the RubicProxy contract to the malicious user's account.
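
The mechanism described above, as an added example that is not Rubic's or SlowMist's code: a constructed Python model showing that the token sees the proxy as the caller, so any allowance granted to the proxy becomes spendable once the token is on the whitelist. The `Token` and `Proxy` classes, the `reject_tokens` admission policy and all addresses are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Token:
    """Minimal ERC-20-style ledger (constructed model, not the real USDC contract)."""
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)  # (owner, spender) -> amount

    def call(self, msg_sender, method, args):
        if method != "transferFrom":
            raise ValueError("method not modelled")
        owner, recipient, amount = args
        # The token only checks that msg_sender holds an allowance from owner.
        if self.allowances.get((owner, msg_sender), 0) < amount:
            raise PermissionError("insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise PermissionError("insufficient balance")
        self.allowances[(owner, msg_sender)] -= amount
        self.balances[owner] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

@dataclass
class Proxy:
    """Forwards caller-supplied calls to whitelisted targets; the proxy is msg_sender."""
    address: str
    whitelist: dict = field(default_factory=dict)  # address -> contract

    def add_router(self, address, contract, reject_tokens):
        # Hardened admission (assumed policy): a token contract is never a router.
        if reject_tokens and isinstance(contract, Token):
            raise ValueError(f"{address} is a token contract, refusing to whitelist")
        self.whitelist[address] = contract

    def router_call(self, caller, target, method, args):
        # Only the target is checked; the caller's identity and the data are not.
        if target not in self.whitelist:
            raise PermissionError("target not whitelisted")
        return self.whitelist[target].call(self.address, method, args)

def third_party_can_spend(reject_tokens):
    """True if a caller with no allowance of their own can move a user's tokens."""
    token = Token(balances={"user": 100}, allowances={("user", "proxy"): 100})
    proxy = Proxy("proxy")
    try:
        proxy.add_router("usdc", token, reject_tokens)
        proxy.router_call("third_party", "usdc", "transferFrom",
                          ("user", "third_party", 100))
    except (ValueError, PermissionError):
        pass  # either the whitelist admission or the forwarded call was refused
    return token.balances.get("third_party", 0) > 0
```

Calling `third_party_can_spend(False)` models the misconfigured whitelist, and `third_party_can_spend(True)` models a whitelist that refuses token contracts at admission time.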

Website: coincu.com

Chubbi

Coincu News
