VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
$1.5 million was stolen from the liquidity pool on the Blast network’s gaming platform YOLO Games. The root cause was the lack of permission checks in the "exitPool" function, allowing anyone to impersonate liquidity providers and drain the pool. The attack was carried out by a white hat hacker, who returned 353 ETH (90% of the stolen funds), approximately $1.27 million. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 1,500,000.
Primary source
https://x.com/shoucccc/status/1800353122159833195 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- YOLO Games
- bug_class
- logic
- date_occurred
- 2024-06-10
- loss_usd
- $1,500,000
- source_id
- sm:yolo-games::2024-06-10
Related — same bug class· logic