Hacker exploited a smart contract vulnerability in the decentralized financial service Fantom Fantasm Finance and withdrew 1,007 ethers.


The team behind the DeFi project Fantasm Finance tweeted about the attack on Wednesday, March 9, and asked all users to redeem their locked XFTM tokens and to withdraw their tokens from the liquidity pool to avoid losses:
“Our FTM collateral pool has been hacked, there are currently 1,820,012 FTM pool balances left to redeem.”
Alpha Finance engineer Nipun Pitimanaaree examined traces of the hack and said that the attackers used an exploit in the Fantasm Mint smart contract and were able to issue huge amounts of Fantasm XFTM tokens (XFTM) using Fantasm FSM tokens.
Pitimanaaree added that the criminals first used 50 FTM tokens, which serve as collateral for the Fantasm project. Then, using larger amounts of tokens, they exchanged tokens for 1,007 ethers (about $2.6 million). The attackers then moved the ethers to another wallet and laundered the stolen assets using the Tornado Cash mixer.
According to cybersecurity experts, several users followed the lead of the unknown hackers and exploited the same vulnerability in the Fantasm Mint smart contract, withdrawing the vast majority of the remaining tokens from the pool. The exact amount of damage has not yet been disclosed, but it should exceed the original $2.6 million.
The Fantasm team notified users via Twitter on Thursday, March 10, that it was developing a plan to compensate for the stolen funds. Full details of the hack should be released shortly. However, Pitimanaaree warned users that there may still be vulnerabilities in the project’s smart contracts.
Last month, IRA Financial Trust, a company that manages digital asset retirement accounts, was hacked. According to preliminary estimates, hackers stole $21 million worth of BTC and $15 million worth of ETH. A little earlier, unknown assailants hacked Dego Finance and took tokens from liquidity pools. Recently, the European Commission proposed to block compromised smart contracts. Against the background of numerous hacking cases, the authors of the draft law on data protection demanded that developers provide a mechanism for contract management.
