NewsBestReviews

ShadowFi Loses $301K In A 2-Phase Attack On Its Liquidity Pool

ShadowFi lost 1,078 BNB tokens in a 2-phase exploit attack that drained the DeFi platform’s liquidity pool to $0.
DeFi
Dot
September 4, 2022
Ayush Pande

As a tech enthusiast who's always on the prowl for the latest developments concerning crypto and hardware, you can find him covering news stories or tinkering with PCs.

in
TABLE OF CONTENTS
According to ShadowFi’s report: “Holder funds were wiped, trust was destroyed, and everything happened on my watch. Also, without limitation, AvantGarde takes responsibility for what happened from a Solidity perspective.”

ShadowFi lost 1,078 BNB tokens in a 2-phase exploit attack that drained the DeFi platform’s liquidity pool to $0. The announcement came just a few days after the platform, earlier called DontKYC, rebranded to ShadowFi to resolve the cybersquatting case filed against it by Deloitte.

The first phase of the attack on ShadowFi’s liquidity pool was carried out on September 1, when the perpetrators utilized a “skim();” function to steal wrapped BNB tokens that were re-injected into the liquidity pools.

ShadowFi’s report claims the hacker utilized a botnet and a smart contract to trigger this exploit in not only ShadowFi’s contracts but also in several other CAKE liquidity pools.

The second phase of the attack took place on September 2, when the hacker used a “burn();” function to burn 10.3M SDF tokens in ShadowFi’s liquidity pool. Then, they re-synced the price of SDF, allowing them to swap around 8.4 SDF tokens for 1078 BNB tokens. The perpetrator laundered the assets to Tornado Cash.

Interestingly, ShadowFi states the two-pronged attack was carried out by separate groups: the first used a botnet, while the second hacker used a custom smart contract to drain ShadowFi’s liquidity pools to zero.

In response, ShadowFi contacted Binance and BSC Scan but could not re-acquire the funds as they were already embezzled through Tornado Cash. Fortunately, blockchain security firm PeckShield has identified the hacker as a NeorderDAO scammer.

“The team and I have been here for simply too long to abandon the project now. We have the team, resources, utility and drive to make it work.”

Lastly, ShadowFi assured the community that the exploit was a rug pull, as neither the developer nor ShadowFi’s associate companies were involved in the attack. 

We’re glad you read to this point!

Every week, we publish an email newsletter highlighting all the juicy stories we covered in the crypto space, bringing all the major happenings to your doorstep.

So, if you want to have top stories delivered to your email inbox every week, subscribe to our newsletter!

Hacking
Tornado Cash
ShadowFi
Binance
The trusted provider of rates and financial information
Latest
Stablecoin Interest RatesCrypto Interest RatesCrypto Staking RewardsCrypto Lending RatesStablecoin Lending RatesStablecoin Staking Rewards
Best
Crypto Staking PlatformsCrypto Savings AccountsCrypto Lending PlatformsCrypto ExchangesCrypto Debit Cards
Learn
StakingCrypto LendingCrypto Loans
Company
Become a partnerCareersContact usAboutBytesDeveloper API
AI JobsPromptPalBecome a partnerContact usLegalPrivacySitemapCareersAbout
Get crypto smart in 5 minutes
Join readers from Coinbase, a16z, Binance, Uniswap, Sequoia and more for the latest staking rewards, tips, insights and news.
No spam, unsubscribe anytime. Read our Privacy Policy.
YOUR SUBSCRIPTION WAS SUCCESSFUL
Oops! Something went wrong while submitting the form.
© 2024 Bitcompare
PolicyTerms of UseSitemap

Bitcompare.net is a trading name of Tokentalk Ltd. Registered in England No. 11332964. Registered Office: Unit 3 Mitcham Industrial Estate, 85 Streatham Road, Mitcham, United Kingdom, CR4 2AP.

Advertiser disclosure: Bitcompare is a comparison engine that relies on advertising for funding. The business opportunities that can be found on this site are offered by companies with which Bitcompare has made deals. This relationship may affect the way and where products appear on the site, such as in what order they are listed in categories. Information about products may also be placed based on other factors, such as the ranking algorithms on our website. Bitcompare does not look at or list all companies or products on the market.

Editorial disclosure: The editorial content on Bitcompare is not provided by any of the companies mentioned, and has not been reviewed, approved, or otherwise endorsed by any of these entities. The opinions expressed here are the author’s alone. Additionally, the opinions expressed by the commenters do not necessarily reflect those of Bitcompare or its staff. When you leave a comment on this site, it will not show up until a Bitcompare administrator approves it.

Warning: The price of digital assets can be volatile. The value of your investment can go down or up, and you may not get back the amount invested. You are the only one who is responsible for the money you invest, and Bitcompare is not responsible for any losses you might have. Any APR shown is a rough estimate of how much cryptocurrency you will earn in rewards over the time period you choose. It does not display the actual or predicted returns or yields in any fiat currency. The APR is adjusted daily, and the estimated rewards may differ from the actual rewards generated. The information on this page is not meant to be a sign from Bitcompare that the information is correct or reliable. Before making any investment, you should carefully consider your investment experience, financial situation, investment objectives, and risk tolerance, and consult with an independent financial advisor. Links to third-party sites are not under the control of Bitcompare, and we are not responsible for the reliability or accuracy of such sites or their contents. For more information, see the Terms of Service for Bitcompare and our Risk Warning.

NewsBestReviews
DeFi
September 4, 2022

ShadowFi Loses $301K In A 2-Phase Attack On Its Liquidity Pool

HomeDeFi
Blog Post
Contents
According to ShadowFi’s report: “Holder funds were wiped, trust was destroyed, and everything happened on my watch. Also, without limitation, AvantGarde takes responsibility for what happened from a Solidity perspective.”

ShadowFi lost 1,078 BNB tokens in a 2-phase exploit attack that drained the DeFi platform’s liquidity pool to $0. The announcement came just a few days after the platform, earlier called DontKYC, rebranded to ShadowFi to resolve the cybersquatting case filed against it by Deloitte.

The first phase of the attack on ShadowFi’s liquidity pool was carried out on September 1, when the perpetrators utilized a “skim();” function to steal wrapped BNB tokens that were re-injected into the liquidity pools.

ShadowFi’s report claims the hacker utilized a botnet and a smart contract to trigger this exploit in not only ShadowFi’s contracts but also in several other CAKE liquidity pools.

The second phase of the attack took place on September 2, when the hacker used a “burn();” function to burn 10.3M SDF tokens in ShadowFi’s liquidity pool. Then, they re-synced the price of SDF, allowing them to swap around 8.4 SDF tokens for 1078 BNB tokens. The perpetrator laundered the assets to Tornado Cash.

Interestingly, ShadowFi states the two-pronged attack was carried out by separate groups: the first used a botnet, while the second hacker used a custom smart contract to drain ShadowFi’s liquidity pools to zero.

In response, ShadowFi contacted Binance and BSC Scan but could not re-acquire the funds as they were already embezzled through Tornado Cash. Fortunately, blockchain security firm PeckShield has identified the hacker as a NeorderDAO scammer.

“The team and I have been here for simply too long to abandon the project now. We have the team, resources, utility and drive to make it work.”

Lastly, ShadowFi assured the community that the exploit was a rug pull, as neither the developer nor ShadowFi’s associate companies were involved in the attack. 

We’re glad you read to this point!

Every week, we publish an email newsletter highlighting all the juicy stories we covered in the crypto space, bringing all the major happenings to your doorstep.

So, if you want to have top stories delivered to your email inbox every week, subscribe to our newsletter!

Hacking
Tornado Cash
ShadowFi
Binance
Ayush Pande

As a tech enthusiast who's always on the prowl for the latest developments concerning crypto and hardware, you can find him covering news stories or tinkering with PCs.

in
According to ShadowFi’s report: “Holder funds were wiped, trust was destroyed, and everything happened on my watch. Also, without limitation, AvantGarde takes responsibility for what happened from a Solidity perspective.”

ShadowFi lost 1,078 BNB tokens in a 2-phase exploit attack that drained the DeFi platform’s liquidity pool to $0. The announcement came just a few days after the platform, earlier called DontKYC, rebranded to ShadowFi to resolve the cybersquatting case filed against it by Deloitte.

The first phase of the attack on ShadowFi’s liquidity pool was carried out on September 1, when the perpetrators utilized a “skim();” function to steal wrapped BNB tokens that were re-injected into the liquidity pools.

ShadowFi’s report claims the hacker utilized a botnet and a smart contract to trigger this exploit in not only ShadowFi’s contracts but also in several other CAKE liquidity pools.

The second phase of the attack took place on September 2, when the hacker used a “burn();” function to burn 10.3M SDF tokens in ShadowFi’s liquidity pool. Then, they re-synced the price of SDF, allowing them to swap around 8.4 SDF tokens for 1078 BNB tokens. The perpetrator laundered the assets to Tornado Cash.

Interestingly, ShadowFi states the two-pronged attack was carried out by separate groups: the first used a botnet, while the second hacker used a custom smart contract to drain ShadowFi’s liquidity pools to zero.

In response, ShadowFi contacted Binance and BSC Scan but could not re-acquire the funds as they were already embezzled through Tornado Cash. Fortunately, blockchain security firm PeckShield has identified the hacker as a NeorderDAO scammer.

“The team and I have been here for simply too long to abandon the project now. We have the team, resources, utility and drive to make it work.”

Lastly, ShadowFi assured the community that the exploit was a rug pull, as neither the developer nor ShadowFi’s associate companies were involved in the attack. 

We’re glad you read to this point!

Every week, we publish an email newsletter highlighting all the juicy stories we covered in the crypto space, bringing all the major happenings to your doorstep.

So, if you want to have top stories delivered to your email inbox every week, subscribe to our newsletter!

Written by
Ayush Pande
Hacking
Tornado Cash
ShadowFi
Binance

BlueBenx Suspends Withdrawals Following $32M Hack

Crypto lending
August 14, 2022
Brazilian crypto lending company, BlueBenx halts all crypto withdrawals after a recent hack.

Blockchain Investigator Claims Ronin Bridge Hackers Moved $625M To Bitcoin Network

Bitcoin
August 22, 2022
The perpetrators behind one of the largest crypto hacks allegedly used Tornado Cash as one of the several means to conceal the transactions and transfer the $625M worth of USDC and Ethereum tokens to the Bitcoin network.

Curve Finance Loses Over $520K After DNS Hijack

DeFi
August 9, 2022
The firm behind the CRV token, Curve Finance, became the latest victim of hacking when a DNS hijack compromised its front end.

Bitcoin ATM Company Under Attack By Hackers Leveraging The Zero-Day Bug

Bitcoin
August 22, 2022
General Bytes-owned ATMs have been exploited by hackers who remotely created an admin user account to steal funds.

Solana developers alleviate network congestion issues with latest update

Altcoins
April 15, 2024
After weeks of network congestion issues on the Solana blockchain, the developers have finally introduced a series of fixes with update 1.17.31.

Bitcoin Cash prices crash following halving event

Altcoins
April 12, 2024
Just a week after its halving event, Bitcoin Cash experienced a sharp decline in its prices.

Ethereum developers reveal key details about Pectra upgrade

Ethereum
April 12, 2024
In a recent Execution Layer meeting, the Ethereum developers revealed important EIPs that will be added to the upcoming Pectra update. 

Uniswap responds to SEC’s Wells notice

Crypto regulation
April 11, 2024
Uniswap revealed that the SEC issued a Wells notice to the firm, citing that the regulatory body warns of potential enforcement action against the crypto exchange.

Circle deploys Web3 services on Solana

Stablecoins
April 10, 2024
Stablecoin issuer Circle announced its plans to bring Web3 services to the Solana (SOL) ecosystem.

Crypto.com secures full operational license in Dubai

Crypto exchanges
April 9, 2024
Crypto.com has obtained full operational approval from the Virtual Assets Regulatory Authority (VARA), the regulatory body that oversees virtual assets in Dubai.

1inch Network releases Web3 debit card

Crypto exchanges
April 9, 2024
Decentralized exchange 1inch Network has launched a crypto debit card in collaboration with Mastercard and Crypto Life.

Coinbase secures Restricted Dealer authorization in Canada

Crypto exchanges
April 5, 2024
Coinbase has received a Restricted Dealer license from the Canadian Securities Administrators (CSA), making it the first international exchange to register with the Canadian authorities.

Aave community considers adjusting the risk parameters of Dai

Stablecoins
April 3, 2024
The Aave community has sought to update the risk parameters of MakerDAO’s Dai stablecoin to minimize the potential risks associated with the token’s issuance policy.

What is Tezos? Your Essential Guide

What is
March 29, 2024
What is Tezos? Tezos is an open-source blockchain platform known for its on-chain governance and self-amendment capability, setting a new precedent in the digital ledger space.

What is Arweave? Your Essential Guide

What is
March 29, 2024
Arweave stands out as a novel data storage platform that guarantees your digital content remains accessible indefinitely.

What is Dogwifhat? Your Essential Guide

What is
March 29, 2024
What is Dogwifhat? It’s a new entrant in the meme coin market, making a splash with its viral Shiba Inu mascot in a pink hat.
The trusted provider of rates and financial information
Latest
Stablecoin Interest RatesCrypto Interest RatesCrypto Staking RewardsCrypto Lending RatesStablecoin Lending RatesStablecoin Staking Rewards
Best
Crypto Staking PlatformsCrypto Savings AccountsCrypto Lending PlatformsCrypto ExchangesCrypto Debit Cards
Learn
StakingCrypto LendingCrypto Loans
Company
Become a partnerCareersContact usAboutBytesDeveloper API
AI JobsPromptPalBecome a partnerContact usLegalPrivacySitemapCareersAbout
Get crypto smart in 5 minutes
Join readers from Coinbase, a16z, Binance, Uniswap, Sequoia and more for the latest staking rewards, tips, insights and news.
No spam, unsubscribe anytime. Read our Privacy Policy.
YOUR SUBSCRIPTION WAS SUCCESSFUL
Oops! Something went wrong while submitting the form.
© 2024 Bitcompare
PolicyTerms of UseSitemap

Bitcompare.net is a trading name of Tokentalk Ltd. Registered in England No. 11332964. Registered Office: Unit 3 Mitcham Industrial Estate, 85 Streatham Road, Mitcham, United Kingdom, CR4 2AP.

Advertiser disclosure: Bitcompare is a comparison engine that relies on advertising for funding. The business opportunities that can be found on this site are offered by companies with which Bitcompare has made deals. This relationship may affect the way and where products appear on the site, such as in what order they are listed in categories. Information about products may also be placed based on other factors, such as the ranking algorithms on our website. Bitcompare does not look at or list all companies or products on the market.

Editorial disclosure: The editorial content on Bitcompare is not provided by any of the companies mentioned, and has not been reviewed, approved, or otherwise endorsed by any of these entities. The opinions expressed here are the author’s alone. Additionally, the opinions expressed by the commenters do not necessarily reflect those of Bitcompare or its staff. When you leave a comment on this site, it will not show up until a Bitcompare administrator approves it.

Warning: The price of digital assets can be volatile. The value of your investment can go down or up, and you may not get back the amount invested. You are the only one who is responsible for the money you invest, and Bitcompare is not responsible for any losses you might have. Any APR shown is a rough estimate of how much cryptocurrency you will earn in rewards over the time period you choose. It does not display the actual or predicted returns or yields in any fiat currency. The APR is adjusted daily, and the estimated rewards may differ from the actual rewards generated. The information on this page is not meant to be a sign from Bitcompare that the information is correct or reliable. Before making any investment, you should carefully consider your investment experience, financial situation, investment objectives, and risk tolerance, and consult with an independent financial advisor. Links to third-party sites are not under the control of Bitcompare, and we are not responsible for the reliability or accuracy of such sites or their contents. For more information, see the Terms of Service for Bitcompare and our Risk Warning.