
How did he transform 0.001 ETH into 86.68 ETH? (+81 000 %)!

By AtipikNews | Atipik | 31 Jan 2021


 

How to transform ~ $1,30 into +$110'000 ?🤔

 

As the crypto media outlet Rekt explains, a hacker discovered and exploited a security flaw in a low-liquidity pool on SushiSwap.

More specifically, this is the pool for the DIGG token of the Badger DAO project. The hacker managed to appropriate all the transaction fees generated by the pool over 24 hours.

These are fees that all the liquidity providers in the pool would normally have shared between them.

Using only 0.001 ether (~$1.30 at the time), the hacker managed to divert 81.68 ether to his account, a heist of just over $112,600 at the current rate!

As can be seen in the transaction in question below, the individual converted his small initial ether stake into DIGG tokens, then into Wrapped BTC (WBTC, the tokenized version of BTC on Ethereum), before collecting his takings in Wrapped ETH.

 

[Image: the transaction in question]

 

 

Are SushiSwap's billions of dollars in cash well secured?

 

Rekt explains that this is an old flaw, for which a patch had already been developed.

The problem is that this patch has to be applied manually to each new pool, and evidently the DIGG/WBTC pool in question did not receive it in time.


 

But the situation could have been much more dramatic, according to Rekt:

After further research, we discovered that although there was this rift exploitation, the damage was contained, and what had been perceived as a threat to the entire SushiSwap protocol was simply the work of a clever scavenger who picked up crumbs that were still available.

The conversation the Rekt team had with SushiSwap on Discord was not reassuring. SushiSwap says it does not automate the application of the patch, so the risk of a pool being forgotten is very real.

However, the incident should have served as a warning, as Rekt explains:

This story reminds us that the protocols are constantly monitored by hackers (...), who follow their every move and try to pick their pockets (...).

Unfortunately, there is very little chance that this new exploit will be the last. Let's hope that such incidents remain contained, and that the increasingly huge sums invested in these decentralised protocols will not be catastrophically affected.

 


Thank you all for your support and feedback!

Don't forget to tip and follow 😄

 

Sources:

1. Rekt
