2023-3-15 11:00 |
A hack has cost Poolz Finance around $390,000 on the Binance Smart Chain and Polygon, PeckShield spotted on Wednesday.
The blockchain security company noted that the hack could have occurred due to an arithmetic overflow issue.
Poolz Finance Hack, What We KnowAccording to PeckShield, the initial analysis points towards an arithmetic overflow issue with Poolz Finance. In computer science, it is an issue of a larger operation yield against the relatively smaller storage system. Meanwhile, PeckShield identified a repeat pattern by the same sender on the Token Vesting contract.
Our initial analysis shows the @Poolz__ hack is due to a classic arithmetic overflow issue, which is exploited to drain funds from the contract — Poolz: Token Vesting https://t.co/OA6PQJcKNC https://t.co/13pbiuQRYt pic.twitter.com/KLrrclpwcX
— PeckShield Inc. (@peckshield) March 15, 2023The source in Solidity states,
“Arithmetic operations in Solidity wrap on overflow. This can easily result in bugs, because programmers usually assume that an overflow raises an error, which is the standard behavior in high level programming languages.`SafeMath` restores this intuition by reverting the transaction when an operation overflows.”
Blockchain vigilante Bythos was the first to identify and tweet about the issue to PeckShield.
Poolz is a cross-chain decentralized IDO platform. Its infrastructure allows crypto projects with funding before they go public. However, its POOLZ token has taken a hit of over 95% in the past day alone.
POOLZ’s current price of $0.19 is more than 99% lower than its all-time high. Nearly two years back, in April 2021, POOLZ hit a peak price of $50.89.
Euler Finance Hack Preceded the IncidentOn March 13, the decentralized finance (DeFi) protocol Euler Finance underwent an exploit. BeInCrypto reported on the day that hackers stole over $195 million from the platform in a flash loan attack.
Following this, Euler sent an on-chain message to the hacker. They said, “If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and return of all funds.”
$20m and no hunt vs $200m and you're chased heavily by on-chain sleuths wanting $1m reward…
This seems like a no brainer. https://t.co/VSXbwgi7ve
The hackers have reportedly moved the money from the protocol to two new accounts. The wallets were heavily loaded with DAI stablecoins and Ethereum (ETH).
DeFi Protocols Still Have a Target on Their BacksIn February, Platypus lost over $8.5 million in a flash loan attack. According to a report by Chainalysis, 2022 lost $3.8 billion worth of cryptocurrency, making it the biggest year for hacking. The bulk of this money came from DeFi protocols.
According to David Schwed, Chief Operating Officer of blockchain security firm Halborn, these are based on a web2 attack pattern. In a conversation with Chainalysis, he said, “A lot of the hacks that we’re seeing aren’t necessarily web3-focused, key exfiltration attacks. They’re traditional web2 attacks that have web3 implications.”
The post Hacker Steals $390K From Poolz Finance Just Days After $180M Euler Finance Exploit appeared first on BeInCrypto.
Similar to Notcoin - Blum - Airdrops In 2024