Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
On July 26, 2024, Casper Network was attacked. Following the attack, Casper Network tweeted that they had worked with validators to pause the network in order to minimize the impact of the security vulnerability until it could be patched. According to the preliminary report released by Casper Network on July 31, 13 wallets were affected in this incident. The total amount of illicit transactions is estimated to be around $6.7 million. Casper Network discovered that malicious actors exploited a vulnerability that allowed a contract installer to bypass access rights checks on urefs, enabling them to grant the contract access to uref-based resources. This privilege escalation facilitated unauthorized access, including the ability to transfer tokens. Attack method (per SlowMist): Security Vulnerability. Reported loss: $ 6,700,000.
- chain
- —
- protocol
- Casper Network
- bug_class
- access-control
- date_occurred
- 2024-07-26
- loss_usd
- $6,700,000
- source_id
- sm:casper-network::2024-07-26