VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
$MAD was hacked, and the hacker transferred all $MAD in the contract by directly calling the transfer function of the contract holding the token, and finally made a profit of $556 BNB (worth about $115,681), which was then transferred to Tornado.Cash. The reason is that the sensitive function was not checked in the contract that holding tokens, resulting in anyone can directly call the 0x9763a894 function to transfer out the tokens held in the contract. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 115,681.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- MAD
- bug_class
- logic
- date_occurred
- 2022-06-30
- loss_usd
- $115,681
- source_id
- sm:mad::2022-06-30
Related — same bug class· logic