Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
SpiritSwap tweeted that its front-end server hosted on AWS had been compromised, that parameters on the website had been tampered with, and that $18,000 had been stolen at the time of the announcement. According to the official postmortem analysis, the attackers contacted GoDaddy and began a social engineering attack against one of its employees. After gaining access to the account, the attackers modified the DNS settings and changed all credentials, effectively hijacking access and taking ownership for themselves. With access to the SpiritSwap domain secured, the attackers deployed a phishing site made to look like SpiritSwap. The attacker then used the "send to" function in the exchange contract to reroute any funds exchanged by users to the attacker's address. Attack method (per SlowMist): Malicious Code Injection Attack. Reported loss: $18,000.
- chain: —
- protocol: SpiritSwap
- bug_class: infrastructure
- date_occurred: 2022-05-14
- loss_usd: $18,000
- source_id: sm:spiritswap::2022-05-14