Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Fantom’s on-chain synthetic asset protocol, Fantasm Finance, posted on social media that its FTM collateral reserves had been exploited, and called on users to exchange their XFTM immediately. After exploiting the vulnerability, the hacker exchanged all the profits for ETH, and used Tornado.cash to mix coins across the chain to the Ethereum main network. According to statistics, the hacker made a profit of 1,007 ETH (about 2.73 million US dollars). Attack method (per SlowMist): Contract Vulnerability. Reported loss: 1,007 ETH.
- chain
- ethereum
- protocol
- Fantasm Finance
- bug_class
- logic
- date_occurred
- 2022-03-10
- loss_usd
- —
- source_id
- sm:fantasm-finance::2022-03-10