DeFi protocol Fortress lost all funds in hack
The attackers gained control of the protocol's governance using the platform’s FTS token
10.05.2022 - 12:30
What’s new? On May 9, Fortress, a DeFi protocol, was hacked, resulting in the theft of all of the platform’s funds ($3 million). The stolen cryptocurrency was moved from the Binance Smart Chain to Ethereum and mixed using the Tornado Cash transaction mixer. The attack was carried out through the protocol’s decentralized autonomous organization (DAO) governance and the manipulation of a price oracle. The quorum for votes on the Fortress Credits governance contract was 400 000 FTS ($18 000 at the time of the hack). This was reported by the cybersecurity company CertiK on Twitter.
7. With these updates, the value of the attacker's collateral (FTS) was raised significantly, so the attacker was able to borrow large amounts of other tokens from the loan contracts.
8. The attacker converted borrowed tokens to ETH and DAI, and sent them to @TornadoCash. 👀
— CertiK Alert (@CertiKAlert) May 9, 2022
Details of the hack. To initiate the attack, the attackers needed ETH, which they obtained through Tornado Cash. With it, they were able to buy the protocol’s FTS governance tokens. The hackers then accepted proposal ID 11, which changed the collateral factor on FTS tokens within loan contracts. With the acquired governance tokens, the attackers voted for their proposal. They also added FTS to the loan contracts as collateral. After the proposal was passed, the hackers changed the collateral factor on FTS tokens within loan contracts from 0 to 700 000 000 000 000 000. They also updated the price oracle so that the value of the token would change even if no one voted to change the price. The attackers converted the borrowed tokens into 1000 ETH and 400 000 DAI and withdrew them via Tornado Cash.
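The governance weakness described above can be screened for before a proposal executes. The following Python check is an added example, not code from Fortress or CertiK; it assumes collateral factors use 1e18 fixed-point scaling, and the `review` helper, its risk codes, the 1000-basis-point threshold and the contrast cases are hypothetical.

```python
from dataclasses import dataclass

MANTISSA = 10**18  # assumption: factors are 1e18 fixed-point, so 7e17 means 70%

@dataclass
class Protocol:
    governance_token: str
    quorum_value_usd: int    # market cost of the quorum vote count
    funds_at_risk_usd: int   # assets borrowable from the loan contracts

@dataclass
class Proposal:
    proposal_id: int
    token: str               # token whose collateral factor changes
    old_factor: int          # raw on-chain values
    new_factor: int
    oracle_updated: bool     # price oracle changed alongside the proposal

def review(p: Proposal, proto: Protocol, max_step_bps: int = 1000) -> list[str]:
    """Return risk codes for one collateral-factor proposal (hypothetical helper)."""
    codes = []
    # Governance is cheaper to capture than the funds it controls.
    if proto.quorum_value_usd < proto.funds_at_risk_usd:
        codes.append("QUORUM_CHEAPER_THAN_FUNDS")
    # The voting token itself becomes collateral that can be borrowed against.
    if p.token == proto.governance_token and p.old_factor == 0 < p.new_factor:
        codes.append("GOV_TOKEN_NEWLY_COLLATERAL")
    # Integer basis points avoid float rounding on 1e18-scaled values.
    step_bps = (p.new_factor - p.old_factor) * 10_000 // MANTISSA
    if step_bps > max_step_bps:
        codes.append(f"FACTOR_STEP_{step_bps}_BPS")
    if p.oracle_updated and p.new_factor > p.old_factor:
        codes.append("ORACLE_CHANGE_WITH_FACTOR_INCREASE")
    return codes

# Figures from the article: quorum about $18,000, $3 million in funds, proposal 11.
FORTRESS = Protocol("FTS", 18_000, 3_000_000)
PROPOSAL_11 = Proposal(11, "FTS", 0, 700_000_000_000_000_000, True)
# Constructed contrast cases: a well-capitalised quorum and a routine 5-point step.
HEALTHY = Protocol("GOV", 50_000_000, 3_000_000)
ROUTINE = Proposal(42, "WBNB", 600_000_000_000_000_000, 650_000_000_000_000_000, False)

if __name__ == "__main__":
    print(review(PROPOSAL_11, FORTRESS))
    print(review(ROUTINE, HEALTHY))
```

Any returned code is a reason to hold the proposal in a timelock for manual review rather than an automatic verdict.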
What events happened before? On April 30, Saddle Finance, an exchange, lost $10 million in a hack. The attackers managed to withdraw 3540 ETH. BlockSec was able to save another $3.8 million from the hackers with its attack detection system.
At the end of April, hackers withdrew more than $80 million from the Rari Capital and Fei Protocol DeFi platforms. They exploited a reentrancy vulnerability in Rari Capital’s Fuse pools lending protocol. Fei offered to let the attackers keep $10 million of the stolen funds as a “reward” if the remaining funds were returned.
According to a report by the cybersecurity company CertiK, $1.67 billion was stolen from DeFi protocols in the first four months of 2022. March saw the largest amount stolen, $719.2 million. That month’s figure surpassed the total losses from hacking for all of 2020 by $200 million.