DeFi plagued by hacks – Since its emergence at the end of 2019, the decentralized finance (DeFi) never stopped innovating. However, this is based on a series of smart contracts which can unfortunately have flaws. A lack of security that can make DeFi protocols prime targets for hackers. The protocol Skyward just paid the price in a $3 million hack.
Skyward in the sights of hackers: $ 3M stolen
Skyward Finance is a protocol that allows other protocols to pre-sell tokens ahead of their launch. This is deployed on the NEAR blockchain and aims to “enable fair token distribution and price discovery for NEAR-based projects”. This was launched in June 2021, when the craze was still high on the NEAR blockchain.
On November 3, Skyward teams announced to the community that the protocol had been the target of an attack.
“We regret to inform you that Skyward’s cash was drained in an attack on the smart contract. This resulted in a total loss of value for the cash and the $SKYWARD token. »
In total, the attacker stole the equivalent of $3 million. In practice, the attacker managed to siphon off about 1.1 million NEAR tokens in the protocol treasury.
Result, the price of cryptocurrency SKYWARD saw its price divided by a factor of 10, dropping from 12 to $1.35. Since then, the price has continued to fall and the token is currently trading around $0.82.
Nevertheless, the teams insisted that the attack did not affect the current presales.
>> Play it safe, register on FTX the reference of crypto exchanges (commercial link) <<
Course of the attack
Shortly after the facts, the first conclusions fell as to the operating mode used.
Thus, the attacker initially bought a large amount of SKYWARD tokens on the Ref Finance protocol. Subsequently, he went to the Skyward protocol to exchange his tokens for NEAR via the treasury module.
However, during his transaction the attacker passed many arguments to the function redeem_skyward().
Although the case still lacks clarity, it would seem that the fact of passing so many arguments allowed him to multiply the funds recovered.
Thereby, 130 SKYWARD purchased 500 wNEAR on RefCould be redeemed for 139,000 wNEAR on Skyward Finance. In a second transaction, the attacker was able to exchange 2,590 SKYWARD bought 10,000 wNEAR for 894,000 wNEAR.
The attacker then repeated the operation many times until he had completely emptied Skyward’s treasury pools.
At first glance, it would seem that checks were missing from Skyward contracts. Indeed, the contract apparently did not verify that the returned value was equal to that deposited by the attacker in SKYWARD tokens.
The protocol teams have not yet provided any additional information. They will probably try to get in touch with the attacker to negotiate a return of the funds.
Let’s hope Skyward follows the Team Finance protocol path. In effect, Team Finance managed to reach an agreement with its attacker and recover $ 7 million.
Hacks are unfortunate events, but they shouldn’t stop you on your crypto journey. Don’t wait to start accumulating the king of cryptocurrencies. Buy and trade your first BTC and ETH by registering on the FTX reference platform. In addition, you benefit from a lifetime reduction on your trading fees (commercial link, see conditions on the official website).