Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The Ethereum 2.0 staking solution SharedStake released an attacked report, stating that the reason the SharedStake token was minted before the official launch was due to the use of vulnerabilities in time-locked contracts (that is, smart contracts that perform certain operations at a fixed time) by internal personnel. The vulnerability was submitted to the team by the white hat Lucash-dev on April 26. Because a team member had permission to view the vulnerability, he used the vulnerability to cast a value of about 50 on the main network four times on June 19 and 23. Ten thousand USD tokens were sold and mortgaged after the official launch. Although there is not enough evidence, the core members of SharedStake suspect that it was the work of a new team member. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 500,000.
- chain
- ethereum
- protocol
- SharedStake
- bug_class
- logic
- date_occurred
- 2021-06-24
- loss_usd
- $500,000
- source_id
- sm:sharedstake::2021-06-24