Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Cross-chain money market solution Midas Capital has been hacked, causing losses of more than $600,000 after an integer rounding problem in its lending protocol (derived from a fork of the well-known Compound Finance v2 codebase) was exploited. The same situation was also exploited in the previous attack on Hundred Finance. The attacker deposited 400 BNB into Tornado Cash, and some other proceeds were bridged to Ethereum. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 600,000.
- chain
- ethereum
- protocol
- Midas Capital
- bug_class
- logic
- date_occurred
- 2023-06-18
- loss_usd
- $600,000
- source_id
- sm:midas-capital::2023-06-18