- Amount Lost: $9,400,000.00
- Funds Returned: $3,200,000.00
- Category: Other
- Date: 2020-12-28
Quick Summary
Exploit in Blacksmith contract leads to theft of $4.4 million in $COVER tokens.
Details of the Exploit
The attacker exploited the Blacksmith contract by depositing BPT tokens, and then withdrawing them along with a large amount of $COVER tokens. The attacker continued to mint and sell $COVER tokens while the vulnerability was still present. In total, the attacker stole around $4.4 million of user funds. Grap Finance Deployer also exploited the same vulnerability, minting a large amount of $COVER tokens and selling them on 1inch.exchange. They then burned the minted tokens and transferred the ETH they had gained to the deployer account.
**
**
Block Data Reference
Exploiter 1's address:
https://etherscan.io/address/0x85abf036ca922e56fed670f4d3ce53fc4ea52b95#tokentxns
Transactions involved in the exploit:
https://etherscan.io/tx/0xd721b0ef2886f14b75548b70d2d1fd82bea085ca24f5de29b833a64cfd8f7a50
https://etherscan.io/tx/0xadf27f5dd052482d46fdf69a5208a27cc7352522c7c19bbde5aee18f6ea4373b
https://etherscan.io/tx/0x66128a1685605b1798c852e14db0b0232a56e3bebf7f3f35b168642801754beb
https://etherscan.io/tx/0xf81fb72ee096e0d7afe4b99a55b723110604fb26ec82846043cfc396e1fa79da
https://etherscan.io/tx/0xca135d1c4268d6354a019b66946d4fbe4de6f7ddf0ff56389a5cc2ba695b035f
https://etherscan.io/tx/0xaf94d9b537a13819e873b37160594af2b1cc70b420d0b160a02e341566866a6b
https://etherscan.io/tx/0x01b3517845ed9c6b7b40d57bd71ac1a89fec080c5b8988f764d8226ac5caa959
https://etherscan.io/tx/0xe6c068ca3605228b2435a414f2b372057340f77d3fe9f1d3967eb1ad128cb5d2
https://etherscan.io/tx/0x23cb9bdf14eed955a84da3f3cfcf296356c0f897dec0b99e85151a7f084a3051
https://etherscan.io/tx/0xc2fd5094c1e108f83222a86bd46b35fc0da35616385d681964b22003643f982e
Proof Links: