The Shido blockchain, a layer-1 proof-of-stake project, has been hit by an exploit that saw billions of its native token, Shido, siphoned away.
This incident led to the Shido token plummeting by 94% in value within just 30 minutes.
Over 4.3 Billion Tokens Lost in Exploit
According to reports from blockchain security firm PeckShield, the attack resulted in the loss of over 4.3 billion Shido tokens. This accounted for nearly half of its circulating supply, which had a value of approximately $35 million before the price collapse.
Hi @ShidoGlobal There is a sudden owner transfer to 0x1982. The new owner immediately upgrades the StakingV4Proxy contract with a hidden withdrawToken() function. This hidden function is then called to withdraw all 4,353,473,223.864904 $SHIDO.
Here are related txs:
– owner… https://t.co/TZ6oMDGwMG pic.twitter.com/VGZtyg9PEf— PeckShield Inc. (@peckshield) February 29, 2024
The exploit was first brought to light by PeckShield, who alerted its followers in a Feb. 29 X post detailing how an attacker managed to gain control of Shido’s Ethereum staking contract. Subsequently, the exploiter transferred the contract to another address, where it was then upgraded with a hidden function enabling the withdrawal of staked tokens.
According to its website, Shido, an Ethereum-based ERC-20 token, offers investors the opportunity to stake their coins on the project’s decentralized exchange (DEX) and earn an 8% annual yield. It had been gearing up for its mainnet launch, with an announcement set for the week following the attack.
In the aftermath of the exploit, Shido’s token price has recovered slightly and sits currently at $0.002056, down by 74.6% within the last 24 hours, according to CoinGecko data.
Multi-Bridge Funding Trail
ZachXBT, an on-chain investigator, disclosed that the attacker’s address was first funded with crypto bridged from Layerswap, a cross-chain protocol, and then from the Arbitrum blockchain.
So the address was funded via Across on Arbitrum and that was funded via Layerswap by this persons ENS.
I think they were hacked as well though bc their assets were suddenly transferred before funding the exploiter. pic.twitter.com/6Da2ybKuFY
— ZachXBT (@zachxbt) February 29, 2024
They also claimed to have identified the real identity of the wallet owner responsible for funding the exploiter. However, this individual also appeared to have fallen victim to hacking, as their assets were swiftly transferred before being used to fund the attack.
Another user, known as “Wazz,” also shed light on the exploit’s funding mechanism, noting that the attacker used multiple bridges to carry out the exploit. They stated that despite efforts to track the stolen funds, it seems the trail went cold, prompting warnings against purchasing Shido tokens while the attacker still retains control of a large portion of them.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
Credit: Source link