According to cybersecurity company PeckShield, the attackers exploited a migration bug in Team Finance smart contracts.
Thus, hackers were able to access blocked liquidity tokens and withdraw them to their addresses. The vulnerability allowed the price of liquidity tokens to be manipulated during the migration, and hackers were able to make huge profits after the process was completed. As representatives of Team Finance emphasized, the migration function from the second to the third version of the protocol was audited, but the experts did not find a vulnerability.
The attackers managed to withdraw the assets of four projects that stored funds in the Team Finance protocol – CAW (A Hunters Dream), Dejitaru Tsuka, Kondux and Feg. CAW lost the most – hackers stole $11.5 million worth of tokens.
“We have temporarily suspended all activity through the protocol until we are sure that the vulnerability has been fixed. All funds remaining in Team Finance are not at risk,” the developers emphasized.
Interestingly, the attackers used only 1.76 ETH ($2,700) to manipulate the price of liquidity tokens. The hackers’ wallet still holds the funds from the attack, including $6.43 million in DAI stablecoin and 880 ETH ($1.36 million).
Representatives of Team Finance called on the hackers to return most of the stolen goods in exchange for a reward and promises not to prosecute the attackers. This is standard practice in such cases.
Earlier, the DeFi protocol Moola Market lost $9 million in assets during a hacker attack.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
