Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The Social Fi project Perpy Finance was attacked. A hacker was able to update the contract and illicitly withdrew 58,489,594 PRY tokens. These were then transferred and exchanged for 41.895 ETH. According to Perpy Finance's incident analysis report, "this breach was made possible by an error in initializing the proxy contract for the staking liquid module, which was a fork of the staking vested model previously audited and used by Camelot. We overconfidently chose not to audit this fork, incorrectly considering it risk-free, a decision that led to this exploit." Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 132,000.
- chain
- —
- protocol
- Perpy Finance
- bug_class
- logic
- date_occurred
- 2024-05-06
- loss_usd
- $132,000
- source_id
- sm:perpy-finance::2024-05-06