Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
DeFi oracle Umbrella Network’s Ethereum and BNB Chain (formerly BSC) reward pools were hacked, resulting in the hackers earning around $700,000. The hacker was able to succeed because of an unchecked vulnerability in withdraw() , so anyone could withdraw any amount of funds without having any balance. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 700,000.
- chain
- ethereum
- protocol
- Umbrella Network
- bug_class
- oracle
- date_occurred
- 2022-03-20
- loss_usd
- $700,000
- source_id
- sm:umbrella-network::2022-03-20