Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The UvTokenWallet Eco Staking mining pool contract was hacked. The key reason for the vulnerability is that the mining pool contract withdrawal function does not strictly judge the user input, so that the attacker can directly pass in the malicious contract address and use the malicious contract to empty the relevant funds. SlowMist MistTrack conducted a traceability analysis of the funds: so far, hackers have transferred a total of 5,011 BNB of profit to Tornado Cash. In addition, the source of the attack fee is also Tornado Cash. Attack method (per SlowMist): Contract Vulnerability. Reported loss: 5,011 BNB.
- chain
- —
- protocol
- UvToken
- bug_class
- logic
- date_occurred
- 2022-10-27
- loss_usd
- —
- source_id
- sm:uvtoken::2022-10-27