VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
FixedFloat, a decentralized exchange, tweeted that they have encountered another attack, with hackers exploiting vulnerabilities in their third-party services. The company assured that both company and user funds remain unaffected. Attack method (per SlowMist): Third-party Vulnerability. Reported loss: $ 3,000,000.
Primary source
https://ff.io/en/blog/news/reasons-for-hacking ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- FixedFloat
- bug_class
- infrastructure
- date_occurred
- 2024-03-31
- loss_usd
- $3,000,000
- source_id
- sm:fixedfloat::2024-03-31
Related — same bug class· infrastructure