Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Coingecko researcher Daryllautk tweeted that VETH suffered a hacker attack on the decentralized exchange Uniswap. The hacker stole 919,299 VETH (worth $900,000) using only 0.9ETH. After the attack, VETH officially stated that the contract was used by the UX improvement it placed in transferForm(), which was their fault. They will redeploy vether4 and will compensate all affected Uniswap pledgers. This attack mainly uses the visibility of the changeExcluded function in the contract to be external and there is no permission restriction. The user can directly make external calls to create the necessary conditions for the attack. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 900,000.
- chain
- —
- protocol
- VETH
- bug_class
- logic
- date_occurred
- 2020-07-01
- loss_usd
- $900,000
- source_id
- sm:veth::2020-07-01