2 years ago
An attacker targeting DeFi protocol El Dorado Exchange (EDE Finance) has returned implicit $400,000 worthy of USDC and USDT aft the task admitted that it made an “ill-advised determination to manipulate the price.”
Earlier today, the decentralized speech (DEX) protocol was exploited for astir $580,000, according to information steadfast Peckshield, which specializes successful monitoring and analyzing suspicious activities connected blockchain networks
Following the news, the EDE token was down 14% to $0.5767, astatine the clip of writing, according to CoinMarketCap data.
How EDE was exploited
A May 30 analysis from Numen Cyber Labs showed that the attacker manipulated the prices of the tokens connected the DEX.
The attacker exploited a relation wrong the protocol’s closed-source Oracle declaration aft invoking the “func_147d9322” function. According to Numen Cyber Labs, these actions allowed the attacker to manipulate the token prices and efficaciously exploit the project.
Meanwhile, the project’s auditor LunaraySEC said the exploited vulnerabilities were not wrong the scope of its archetypal audit, adding that the EDE Finance squad has “identified and fixed” the issue.
EDE attacker nets $100k
On-chain data shows that the DEX attacker gained $104,000 aft returning 86,222 USDT and 333,948 USDC of the stolen funds.
According to on-chain messages, the attacker alleged the project’s squad inserted a backdoor that would person allowed them to liquidate their users and bargain their funds.
“The developers implemented a backdoor that allowed them to unit liquidate immoderate presumption they desired. This malicious enactment progressive intentionally signing incorrect prices to manipulate users’ positions and bargain their funds. To halt this onslaught connected users, a achromatic chapeau was initiated to bring this contented to light.”
The attacker wrote that if the squad admitted to this malicious activity, they would instrumentality the funds and “bring to airy further vulnerabilities that exist.”
EDE squad says the malicious declaration was intended to blacklist exploiters
While admitting the allegations, the EDE squad stated its “intention was to blacklist those who had antecedently exploited the system.” It added:
“We did not purpose to misappropriate users funds arsenic this would permission a traceable record. We volition promptly region the problematic weaponry contract.”
Additionally, the protocol offered the attacker 5% of its team’s token allocation arsenic gratitude for pointing retired the different vulnerabilities. However, the connection is taxable to the team’s vesting period.
The station El Dorado Exchange attacker returns implicit $400k aft squad admits codification vulnerabilities appeared archetypal connected CryptoSlate.
English (US) 