Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The ownlyio project's NFTStaking contract was attacked, with a total of 115 BNB stolen and a loss of about $36,418. The reason for this attack is that the unstake function of the pledge contract of the ownio project does not check the user's claim status, so the attacker can use the unstake function to receive the own tokens in the contract infinitely, thereby extracting all the own tokens in the pledge contract, and finally the attacker The acquired owned tokens are exchanged for 115 BNB through the pair transaction. Attack method (per SlowMist): Contract Vulnerability. Reported loss: 115 BNB.
- chain
- —
- protocol
- OWNLY
- bug_class
- logic
- date_occurred
- 2022-05-10
- loss_usd
- —
- source_id
- sm:ownly::2022-05-10