Dexible Exploited by Hackers, Causing $2 Million in Damage

Key Points: An exploit has occurred at Dexible, a multichain exchange aggregator. As a result, $2,000,000 worth of crypto was lost.
The study found that only a few whales were responsible for approximately 85% of the losses.
Blockchain data shows that BlockTower Capital was one of the victims. It is an investment company for digital assets.
Decentralized exchange aggregator Dexible was attacked by hackers early Friday morning. The hacker was able to take assets from cryptocurrency wallets that contained funds that were authorized for use. Nine hours later, it sent a second statement claiming that it knew $2,047.635 more. The study found that only a few whales were responsible for around 85% of the losses. Dexible’s report states that the attack targeted 13 Arbitrum wallets as well as 5 Ethereum wallets. These wallets were fully mined. A post-mortem report was published in PDF format and made available on Discord at 4:00 PM UTC. The team also stated that they were currently working on a solution.

The investigation revealed that an attacker had stolen more than $2 million worth of cryptocurrency, via the app's selfSwap function, from users who had previously granted the app permission to transfer their tokens. The function let users swap one token for another by simply providing the address of a router along with the calldata. However, the code did not contain a list of certified routers. The attacker used this function to route a Dexible transaction to each token contract, transferring user tokens from their wallets to the attacker’s smart contract. The token contracts were not able to stop the counterfeit transactions, since Dexible users had given Dexible permission to use their tokens.
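The missing router list described above can be shown with a small model. This is an added example, not Dexible's code: the `Token`, `Router`, `Aggregator` and `simulate` names, the addresses and the amounts are all constructed for illustration, and the allowlist check is one way to harden the function.

```python
# Toy model of the flaw described above; constructed names, not Dexible's code.
class Token:
    """Minimal ERC-20 style ledger: balances plus (owner, spender) allowances."""
    def __init__(self):
        self.balances, self.allowances = {}, {}

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # The token checks only that the caller holds an allowance from owner.
        if min(self.allowances.get((owner, caller), 0),
               self.balances.get(owner, 0)) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowances[(owner, caller)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Router:
    """Stand-in for a legitimate DEX router."""
    def swap(self, caller):
        return "swapped"

class Aggregator:
    def __init__(self, approved_routers=None):
        self.address = "aggregator"
        self.approved_routers = approved_routers  # None = no list, as on the page

    def self_swap(self, router, calldata):
        # Hardened form: refuse any call target that is not an approved router.
        if self.approved_routers is not None and router not in self.approved_routers:
            raise ValueError("router is not on the allowlist")
        method, args = calldata
        # The forwarded call runs with the aggregator as the caller, so it
        # carries every allowance users have granted to the aggregator.
        return getattr(router, method)(self.address, *args)

def simulate(with_allowlist):
    """Return (user balance after the forged call, result of a normal swap)."""
    token, router = Token(), Router()
    agg = Aggregator({router} if with_allowlist else None)
    token.balances["user"] = 100
    token.approve("user", agg.address, 100)  # approval granted before the incident
    try:
        # The token contract itself is supplied as the "router".
        agg.self_swap(token, ("transfer_from", ("user", "other_contract", 100)))
    except ValueError:
        pass
    return token.balances["user"], agg.self_swap(router, ("swap", ()))
```

Without the list the user's balance drops to 0, while with it the balance stays at 100 and an ordinary swap through the approved router still succeeds.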
“We have paused the contracts while we assess the situation.”
According to blockchain data, BlockTower Capital, an investment company for digital assets, was one of the victims. A wallet that Arkham Intelligence claimed to belong to BlockTower was emptied of nearly $1.5 million in TRU tokens. The wallet address linked with the Dexible exploiter on Etherscan was also taken. Nansen, a blockchain intelligence company, has also assigned BlockTower Capital's address. The blockchain transactions show that the exploiter sent the stolen TRU tokens to SushiSwap to exchange them for Ethereum. They then transferred the ETH to TornadoCash, which is a cryptocurrency mixing service.