Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The perpetual DEX El Dorado Exchange (EDE) is suspected to have been attacked with losses of about $580,000, and an address has been sending small amounts of money to Arbitrum's ELP-1 pool and withdrawing large amounts immediately afterwards. The attacker claimed that the protocol backdoor allowed the developer to force the liquidation of any positions and would return the funds if the developer admitted to price manipulation. 334,000 USDC were returned by the attacker on May 30. By May 31, the attackers had returned more than $400,000 in stolen funds. Dorado revealed that the attackers charged 10% of the stolen funds as a fee when returning them. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 580,000.
- chain
- arbitrum
- protocol
- EDE
- bug_class
- oracle
- date_occurred
- 2023-05-30
- loss_usd
- $580,000
- source_id
- sm:ede::2023-05-30