OP 13 March, 2022 - 03:08 PM
The hacker exploited a vulnerability in the smart contract of the Fantom Fantasm Finance decentralized financial service and withdrew 1,007 ethers.
On Wednesday, March 9, the Fantasm Finance DeFi project team reported on Twitter about a hacker attack and asked all users to collect locked XFTM tokens, as well as transfer tokens from the liquidity pool in order to avoid losses:
“Our FTM collateral reserve has been hacked, currently 1,820,012 FTM pool balances to be redeemed.”
Alpha Finance engineer Nipun Pitimanaaree studied the traces of the hack and statedthat the attackers who attacked the platform used an exploit in the Fantasm Mint smart contract and were able to issue a huge amount of Fantasm XFTM (XFTM) tokens using Fantasm FSM tokens.
Pitimanaari added that the criminals initially used 50 FTM tokens, which are the backing of the Fantasm project. Then, using larger volumes of tokens, they exchanged tokens for 1,007 ethers (about $2.6 million). After that, the attackers moved the ethers to a certain wallet and laundered the stolen assets using the TornadoCash mixer.
According to cybersecurity experts, several users have followedexample of unknown hackers and took advantage of the Fantasm Mint smart contract vulnerability. They withdrew the vast majority of the remaining tokens from the pool. The exact amount of damage is not yet known, but it should exceed the initial amount of $2.6 million.
On Thursday, March 10, the Fantasm team notified site users via Twitter about the development of a compensation plan for stolen funds. Full details of the hack should be released soon. However, Pitimanaari warned users that there could still be vulnerabilities in the smart contracts of the project
On Wednesday, March 9, the Fantasm Finance DeFi project team reported on Twitter about a hacker attack and asked all users to collect locked XFTM tokens, as well as transfer tokens from the liquidity pool in order to avoid losses:
“Our FTM collateral reserve has been hacked, currently 1,820,012 FTM pool balances to be redeemed.”
Alpha Finance engineer Nipun Pitimanaaree studied the traces of the hack and statedthat the attackers who attacked the platform used an exploit in the Fantasm Mint smart contract and were able to issue a huge amount of Fantasm XFTM (XFTM) tokens using Fantasm FSM tokens.
Pitimanaari added that the criminals initially used 50 FTM tokens, which are the backing of the Fantasm project. Then, using larger volumes of tokens, they exchanged tokens for 1,007 ethers (about $2.6 million). After that, the attackers moved the ethers to a certain wallet and laundered the stolen assets using the TornadoCash mixer.
According to cybersecurity experts, several users have followedexample of unknown hackers and took advantage of the Fantasm Mint smart contract vulnerability. They withdrew the vast majority of the remaining tokens from the pool. The exact amount of damage is not yet known, but it should exceed the initial amount of $2.6 million.
On Thursday, March 10, the Fantasm team notified site users via Twitter about the development of a compensation plan for stolen funds. Full details of the hack should be released soon. However, Pitimanaari warned users that there could still be vulnerabilities in the smart contracts of the project
