Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Hackers exploited a vulnerability in the Dexible smart contract code to withdraw funds from crypto wallets using funds approved for spending. The team added that "a small number of whales" lost 85% of the funds stolen in the attack. Data on the chain shows that Block Tower Capital, a digital asset investment company, was one of the victims. The address labeled Block Tower Capital had $1.5 million worth of TRU tokens stolen in this incident. The attackers transferred TRU tokens to SushiSwap for ether (ETH) and then to TornadoCash. Attack method (per SlowMist): Affected by Dexible events. Reported loss: $ 1,500,000.
- chain
- —
- protocol
- Block Tower Capital
- bug_class
- unknown
- date_occurred
- 2023-02-18
- loss_usd
- $1,500,000
- source_id
- sm:block-tower-capital::2023-02-18