StakeSteak, a protocol on the Fantom network that aims to keep the prices of the stablecoins fUSD and USDC stable, just experienced an exploit after hackers stole a private key from one of its repositories on GitHub. The key had been exposed there for more than 5 months, the protocol developers revealed in a detailed report published yesterday (October 5th).
“Attackers were able to gain access to the STEAK implementer’s account based on the private keys that were displayed on Github when the public steak contracts were first committed on May 19th.”
Two different accounts were used to exploit the vulnerability. The first attacker burned around 140,823 STEAK from the liquidity provider when the 5 million STEAK supply was pre-mined. They were then able to transfer the same amount of STEAK from the compromised deployer’s account to their own.
They then devalued the liquidity provider tokens for the STEAK-FTM liquidity pool and withdrew funds from several developer wallets. They picked up 80,636 FTM valued at $115,309.
The second attacker minted an additional 30,000 STEAK while stealing 18,386 fUSD-USDC LP, 9,719 USDC, and 387 FTM from the STEAK warehouse. A total of 81,351 USDC was taken.
The STEAK minted by the attackers was put on the market, which drove the price down by almost 93% within a few minutes. At the time of writing, STEAK has lost 99% of its value and is trading at $0.045, down from $4.84 before the hack.
The trading volume of STEAK also increased by 1,062.41%, even though StakeSteak developers have warned users on Twitter not to buy STEAK tokens.
Don’t buy steak brands, guys. When the PKs are in the wild, this token cannot be revived unless a new one is provided.
For your information. Buying the dip in this particular case is not the right step. https://t.co/cmUBj14b40
– Fantom Community Alerts (@FTMAlerts) October 4, 2021
“Don’t buy STEAK tokens, folks. If the PK is inactive, the token cannot be revived unless a new token is provided.
In this particular case, buying a dip is not a wise choice.”
Unlike previous crypto hacks, the StakeSteak exploit cannot be easily fixed. Once the private key is compromised, the only way for the developers to recover is to create and deploy a new contract. They decided to rename the protocol as part of their recovery plan, as they wanted to move “from staking STEAK” to “more useful and practical products”.
The developers wanted to come up with a new name for the protocol and make it more professional, so they asked the community to vote.
StakeSteak also explained its compensation plan after the hack. A snapshot taken before the crash covers all STEAK token holders, including holders of xSTEAK, STEAK-FTM LP, STEAK-fUSD, STEAK-iFUSD, and STEAK-FTM. Tokens held by the addresses in the snapshot are converted into the new token accordingly. However, liquidity providers are better compensated.
Just a week ago, another DeFi protocol, Compound Finance, was exploited through a bug in an update to its distribution mechanism, which resulted in more than $80 million in funds being compromised. Although the StakeSteak attack is much smaller, it indicates a worrying trend in protocol vulnerabilities.
According to AMBCrypto