Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
At the time of the attack, the attacker was fully prepared. Before the attack the hacker has moved funds needed for gas through the Celer Network cBridge. 15 minutes later the attacker deployed the contract that was used to drain funds from OneRing. This contract has been self-destructed however we are already working with node providers in order to get the information of the block where the contract was deployed. We believe we can find the bytecode, decompile it and at least have a brief idea on how this contract was structured. Reported loss: $1,400,000.
- chain
- multichain
- protocol
- One Ring Finance
- bug_class
- unknown
- date_occurred
- 2022-03-21
- loss_usd
- $1,400,000
- source_id
- cs:one-ring-finance::2022-03-21