Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to previous news, starting from 11:28 UTC on May 14th, the flash.sx flash loan smart contract suffered a reentry attack vulnerability, and approximately 1.2 million EOS and 462,000 USDT were stolen. According to official sources, after EOS Nation's Lightning Loan was hacked, the project party initiated a proposal to directly change the hacker's EOS account permissions and return the assets. It is reported that the proposal initiated by the project party changed the hacker address authority to BP, which will be executed after approval. Attack method (per SlowMist): Reentrancy Attack. Reported loss: $ 11,742,000.
- chain
- —
- protocol
- flash.sx
- bug_class
- reentrancy
- date_occurred
- 2021-05-14
- loss_usd
- $11,742,000
- source_id
- sm:flash-sx::2021-05-14