The multichain exchange aggregator Dexible has been hit by an exploit of about $2M


An exploit has affected the multichain exchange aggregator Dexible, and as a result, $2 million worth of cryptocurrencies have been lost, according to a post-mortem report posted by the developers on the project’s official Discord channel on February 17.

As of 6:35 PM UTC on February 17, the Dexible front end displays a popup warning about the hack whenever users visit it. The team reported that it had found “a potential hack on Dexible v2 contracts” at 6:17 am UTC and was looking into the matter. About nine hours later, it sent a second statement giving a figure of “$2,047,635”. A total of 17 trading addresses were used in the exploit: 13 on Arbitrum and 4 on mainnet.

At 4:00 PM UTC, a post-mortem report was published as a PDF file and made available on Discord. The team also stated that it was “currently working on a remedial plan.” The team claims in the report that it became aware of a problem when one of its founders had $50,000 worth of cryptocurrency removed from his wallet for unknown reasons. The team’s investigation revealed that an attacker had transferred over $2 million worth of cryptocurrency from users who had previously given the app permission to transfer their tokens, using the app’s selfSwap feature.

The selfSwap function allowed users to swap one token for another by providing the address of a router and the calldata to send to it. The attacker used this function to route a transaction from Dexible to each token contract, transferring user tokens from their wallets into the attacker's own smart contract. The token contracts did not stop the fraudulent transactions because they came from Dexible, which users had already authorized to spend their tokens.
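A minimal model of the approval abuse described above, with a router allowlist as one possible guard. This is an added example, not Dexible's code or its actual fix; the class names, `run_scenario` and the allowlist itself are assumptions made for illustration.

```python
# Toy model (constructed for illustration, not Dexible's code) of the
# approval-abuse pattern described above and an allowlist guard against it.

class Token:
    """Minimal ERC-20-like ledger: balances plus owner->spender allowances."""
    def __init__(self):
        self.balances, self.allowance = {}, {}

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # The token only checks that the *caller* holds an allowance.
        if self.allowance.get((owner, caller), 0) < amount:
            raise PermissionError("insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient balance")
        self.allowance[(owner, caller)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class Aggregator:
    """Swap contract that forwards caller-supplied calldata to a 'router'."""
    ADDRESS = "aggregator"

    def __init__(self, approved_routers=None):
        # None models the unguarded behaviour; a set enables the allowlist.
        self.approved_routers = approved_routers

    def self_swap(self, router, method, args):
        if self.approved_routers is not None and router not in self.approved_routers:
            raise PermissionError("router not on allowlist")
        # The external call is made with the aggregator as caller (msg.sender).
        getattr(router, method)(self.ADDRESS, *args)


def run_scenario(guarded):
    """Return the victim's balance after a third party submits a swap whose
    'router' is the token contract itself."""
    token, dex_router = Token(), object()  # dex_router: placeholder for a real DEX
    token.balances["victim"] = 100
    token.approve("victim", Aggregator.ADDRESS, 100)  # earlier user approval
    agg = Aggregator({dex_router} if guarded else None)
    try:
        agg.self_swap(token, "transfer_from", ("victim", "third_party", 100))
    except PermissionError:
        pass  # guarded path: the call is rejected before reaching the token
    return token.balances["victim"]
```

`run_scenario(False)` leaves the victim with 0 because the token sees the aggregator as an approved spender; `run_scenario(True)` leaves the balance at 100 because the token contract is not an approved router.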

The attacker transferred the funds through Tornado Cash into unidentified BNB wallets after receiving the tokens into their own smart contract. Dexible’s contracts have been suspended, and users are encouraged to remove token authorizations for them.

