- A popup warning regarding the attack has been shown on the Dexible front end.
- One of the founders had 50,000 USD worth of cryptocurrency mysteriously removed.
According to a post-mortem report published by the Dexible team on the project’s official Discord channel on February 17, the multichain exchange aggregator was breached, resulting in the loss of $2 million worth of cryptocurrencies. Since 6:35 pm UTC on February 17, a popup warning regarding the attack has been shown on the Dexible front end.
The team announced its discovery of a possible hack on Dexible v2 contracts at 6:17 am UTC and said it was looking into it. After around nine hours, it issued a second statement saying, “$2,047,635.17 was exploited from 17 trader addresses. 4 on mainnet, 13 on arbitrum.” Around 4:00 UTC, a PDF file detailing the incident was uploaded to Discord, and the team said that it was currently working on a remediation strategy.
SelfSwap Function Exploit
According to the report, the team knew something was off when one of the founders had 50,000 USD worth of cryptocurrency mysteriously removed from his wallet. The researchers discovered that, using the selfSwap feature, an attacker had transferred over $2 million worth of cryptocurrency from users who had authorized the app to move their tokens.
The selfSwap function let a caller exchange tokens by supplying the desired token and the router’s address or calldata. However, the code did not include a list of validated routers.
The attacker then exploited this capability to send a transaction from Dexible to each token contract, transferring tokens from user wallets into the attacker’s own smart contract. Token contracts did not prevent these illicit transactions since they originated from Dexible, which customers had already approved for token spending.
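A sketch of the missing control described above, as an added example that is not Dexible's code: a swap entry point that rejects any router not on an admin-maintained allowlist and pulls tokens only from the caller. All contract, function and variable names are assumptions, and tokens are assumed to return `bool` from ERC-20 calls.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; every name below is an assumption, not the project's code.
// Assumes tokens that return bool from ERC-20 calls.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract AllowlistedSwap {
    address public immutable admin;
    mapping(address => bool) public approvedRouter;

    error RouterNotApproved(address router);
    constructor() { admin = msg.sender; }

    function setRouter(address router, bool allowed) external {
        require(msg.sender == admin, "not admin");
        approvedRouter[router] = allowed;
    }

    function selfSwap(
        IERC20 tokenIn, IERC20 tokenOut, uint256 amountIn, uint256 minOut,
        address router, bytes calldata routerData
    ) external {
        // The validation the post-mortem found missing: without it, `router` can be
        // any address, including a token on which users approved this contract.
        if (!approvedRouter[router]) revert RouterNotApproved(router);

        // Funds are pulled from the caller only, never from a third-party wallet.
        require(tokenIn.transferFrom(msg.sender, address(this), amountIn), "pull failed");
        require(tokenIn.approve(router, amountIn), "approve failed");

        uint256 balanceBefore = tokenOut.balanceOf(address(this));
        (bool ok, ) = router.call(routerData);
        require(ok, "router call failed");
        require(tokenIn.approve(router, 0), "allowance reset failed");

        uint256 received = tokenOut.balanceOf(address(this)) - balanceBefore;
        require(received >= minOut, "insufficient output");
        require(tokenOut.transfer(msg.sender, received), "payout failed");
    }
}
```

Because the contract holds spending approvals from many users, the allowlist has to cover every address it will call with caller-supplied calldata; revoking unused approvals limits exposure if such a check is ever absent.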