ShadowFi Loses $301K In A 2-Phase Attack On Its Liquidity Pool

According to ShadowFi’s report: “Holder funds were wiped, trust was destroyed, and everything happened on my watch. Also, without limitation, AvantGarde takes responsibility for what happened from a Solidity perspective.”

ShadowFi lost 1,078 BNB tokens in a 2-phase exploit attack that drained the DeFi platform’s liquidity pool to $0. The announcement came just a few days after the platform, earlier called DontKYC, rebranded to ShadowFi to resolve the cybersquatting case filed against it by Deloitte.

The first phase of the attack on ShadowFi’s liquidity pool was carried out on September 1, when the perpetrators utilized a “skim();” function to steal wrapped BNB tokens that were re-injected into the liquidity pools.

ShadowFi’s report claims the hacker utilized a botnet and a smart contract to trigger this exploit in not only ShadowFi’s contracts but also in several other CAKE liquidity pools.

The second phase of the attack took place on September 2, when the hacker used a “burn();” function to burn 10.3M SDF tokens in ShadowFi’s liquidity pool. Then, they re-synced the price of SDF, allowing them to swap around 8.4 SDF tokens for 1,078 BNB tokens. The perpetrator laundered the assets through Tornado Cash.
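
An added monitoring example (not from ShadowFi’s report or this article): in a Uniswap-v2-style pair such as PancakeSwap’s, every swap or liquidity change emits a Sync followed by its own event, so a Sync with nothing after it that collapses a reserve matches the burn-and-re-sync step described above. The event log, reserves, fee and transaction ids below are constructed assumptions, not the real pool’s state.

```python
from dataclasses import dataclass

FEE_NUM, FEE_DEN = 9975, 10000        # 0.25% swap fee, assumed for a PancakeSwap v2-style pair
EXPLAINED = {"Mint", "Burn", "Swap"}  # pair events that legitimately follow a Sync

@dataclass
class PairEvent:
    tx: str
    kind: str                 # "Sync", "Mint", "Burn" (LP withdrawal) or "Swap"
    reserve_token: float = 0  # only set on Sync
    reserve_bnb: float = 0    # only set on Sync

def amount_out(amount_in, reserve_in, reserve_out):
    """Constant-product quote, fee taken from the input amount."""
    x = amount_in * FEE_NUM
    return x * reserve_out / (reserve_in * FEE_DEN + x)

def flag_reserve_shocks(events, start_token, max_drop=0.5):
    """Return (tx, before, after) for each bare Sync that cut the token reserve by > max_drop."""
    flagged, prev = [], start_token
    for i, ev in enumerate(events):
        if ev.kind != "Sync":
            continue
        nxt = events[i + 1] if i + 1 < len(events) else None
        # A Sync is "bare" when no Mint/Burn/Swap of the same transaction follows it.
        bare = not (nxt and nxt.tx == ev.tx and nxt.kind in EXPLAINED)
        if bare and prev > 0 and (prev - ev.reserve_token) / prev > max_drop:
            flagged.append((ev.tx, prev, ev.reserve_token))
        prev = ev.reserve_token
    return flagged

# Constructed log, in emission order; not the real ShadowFi pool state.
SAMPLE = [
    PairEvent("0xaaa1", "Sync", 10_310_001.0, 1_198.84),
    PairEvent("0xaaa1", "Swap"),                      # ordinary swap: Sync then Swap
    PairEvent("0xbbb2", "Sync", 1.0, 1_198.84),       # reserve collapses, no swap/LP event
    PairEvent("0xbbb2", "Sync", 9.4, 127.82),
    PairEvent("0xbbb2", "Swap"),
]

if __name__ == "__main__":
    for tx, before, after in flag_reserve_shocks(SAMPLE, start_token=10_300_001.0):
        print(f"ALERT {tx}: token reserve {before:,.0f} -> {after:,.0f} on a bare Sync")
    # The same 8.4-token input quoted against the reserves before and after the collapse.
    print("quote before:", amount_out(8.4, 10_310_001.0, 1_198.84))
    print("quote after: ", amount_out(8.4, 1.0, 1_198.84))
```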

Interestingly, ShadowFi states the two-pronged attack was carried out by separate groups: the first used a botnet, while the second hacker used a custom smart contract to drain ShadowFi’s liquidity pools to zero.

In response, ShadowFi contacted Binance and BscScan but could not recover the funds, as they had already been moved through Tornado Cash. Fortunately, blockchain security firm PeckShield has identified the hacker as a NeorderDAO scammer.

“The team and I have been here for simply too long to abandon the project now. We have the team, resources, utility and drive to make it work.”

Lastly, ShadowFi assured the community that the exploit was not a rug pull, as neither the developer nor ShadowFi’s associate companies were involved in the attack.


Written by
Ayush Pande