VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Starstream Finance and Agora DeFi projects under attack. Attackers exploited a vulnerability in Starstream to siphon tokens from the protocol, then used the tokens as collateral to obtain large loans from Agora. The Starstream hack was achieved through an unprotected execute function in its DistributorTreasury contract, which is marked as an external function and can be used to call external functions. In total, the attackers borrowed about $8.2 million worth of tokens from Agora. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 4,000,000.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Starstream Finance & Agora
- bug_class
- logic
- date_occurred
- 2022-04-08
- loss_usd
- $4,000,000
- source_id
- sm:starstream-finance-agora::2022-04-08
Related — same bug class· logic