Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Punk Protocol, the decentralized annuity protocol, stated that it encountered an attack during the fair launch process, causing a loss of 8.9 million US dollars. Later, the team recovered another 4.95 million US dollars and transferred it to a secure wallet. The Punk Protocol team stated that the attacker found a critical loophole in the investment strategy and extracted more than 8.9 million U.S. dollars of three stable currency assets (USDC, USDT, DAI) from the Forge-CompoundModel module, but a white hat hacker noticed The attacker's intent was reached, so a transaction was executed, which was able to recover $4.95 million. The lost funds have been transferred to the Ethereum currency mixing platform Tornado.cash, so it is difficult to keep track of them. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 3,950,000.
- chain
- ethereum
- protocol
- Punk Protocol
- bug_class
- logic
- date_occurred
- 2021-08-11
- loss_usd
- $3,950,000
- source_id
- sm:punk-protocol::2021-08-11