PeckShield Inc.

PeckShield Inc.

27-10-2022

11:02

1/ @TeamFinance_ was exploited in leading to the loss of ~$15.8M for the protocol: $11.5M (V2_USDC_CAW)+$1.7M(V2_USDC_TSUKA)+0.7M(V2_KNDX_WETH)+1.9M(V2_FEG_WETH). @trustswap

2/ The protocol has a flawed migrate() that is exploited to transfer real UniswapV2 liquidity to an attacker-controlled new V3 pair with skewed price, resulting in huge leftover as the refund for profit. Also, the authorized sender check is bypassed by locking any tokens.

3/ The initial fund (1.76 ETH) to launch the hack is withdrawn from @FixedFloat. Currently all stolen funds are still parked in the following account (880 ETHs, 6.4m DAIs, 11.8m TSUKAs and 74.6trillion CAWs)

Here comes the hack flow with the stolen funds:

Latest update from the @TeamFinance_ team:



Follow us on Twitter

to be informed of the latest developments and updates!


You can easily use to @tivitikothread bot for create more readable thread!
Donate 💲

You can keep this app free of charge by supporting 😊

for server charges...