Team Finance hacker returns $7M to associated projects after exploit

Published at: Oct. 31, 2022

Four projects have received some $7 million worth of tokens from the hacker behind the $14.5 million Team Finance exploit on Oct. 27. Over the weekend, the attacker confirmed in a series of messages that they would keep 10% of the stolen fund as a bounty and return the other tokens to the affected projects.

The exploiter — a self-described “whitehat” — drained assets from Team Finance through the Uniswap v2-to-v3 migration. As reported by Cointelegraph, liquidity from Uniswap v2 assets on Team Finance were transferred to an attacker-controlled v3 pair with skewed pricing, explained the blockchain security firm PeckShield.

The stolen funds included USD Coin (USDC), CAW, TSUKA and KNDA tokens. Some of the affected tokens, such as CAW, suffered steep price declines due to the exploit and subsequent liquidity crunch. 

On Oct. 30, Kondux, a nonfungible token (NFT) marketplace, announced it received 95% of the stolen funds, or 209 Ether (ETH), while Feg Token recovered 548 ETH. Tsuka’s blockchain protocol also confirmed receiving over $765,000 worth of the stablecoin Dai (DAI) and 11.8 million TSUKA. Caw Coin — the biggest victim of the exploit — received back $5 million worth of DAI and 74.6 billion of its native token, CAW.

We're thrilled to announce we have received 95% of the exploited ETH back!Please bear with us in the coming 48 hours ⏳ as we await the $KNDX to return so we can plan our next move forward. ⏩ Massive thanks to the community for their unwavering support $FEG $CAW $TSUKA

— Kondux (@Kondux_KNDX) October 30, 2022

On Twitter, the protocol urged the hacker to get in contact for a bounty payment. According to Team Finance, its smart contract had been previously audited, and developers had temporarily halted all activity on the protocol. The company was founded in 2020 by TrustSwap, which provides token liquidity locking and vesting services to project executives. The protocol claimed to have $3 billion secured across 12 blockchains.

The exploit followed the Mango Markets attack on Oct. 11, when a hacker manipulated the value of the platform’s native token, MNGO, to achieve higher prices. The attacker then took out significant loans against the inflated collateral, draining Mango’s treasury.

After a proposal on Mango’s governance forum was approved, the hacker was allowed to keep $47 million as a “bug bounty,” while $67 million was sent back to the treasury.

Tags
Related Posts
​​Cream Finance DeFi platform loses $19M in a flash loan hack
Cream Finance, a major decentralized finance (DeFi) protocol focused on lending, has suffered a severe exploit, with a hacker stealing nearly $19 million from its platform. An unknown hacker has managed to gain $18.8 million in the latest flash loan exploit of the Cream Finance protocol through a reentrancy bug introduced by the Amp token, according to an investigation by blockchain security firm PeckShield. Announcing the news Monday, Cream Finance said that the protocol has stopped the exploit by pausing supply and borrow contracts on the Amp token. “No other markets were affected,” Cream Finance stated. C.R.E.A.M. v1 market on …
Decentralization / Aug. 30, 2021
Yearn.Finance puts expanded treasury to use by repaying victims of $11M hack
Major decentralized finance protocol Yearn.Finance (YFI) has restored its yDAI vault in the aftermath of a $11 million exploit by hackers. Yearn announced Tuesday that they opened a Maker vault with YFI tokens from the treasury and minted 9.7 million DAI tokens from the vault to keep the yDAI vault intact. Using borrowed money allows the project to reimburse users without taking a hit to the treasury, either due to possible YFI appreciation or by gradually repaying the debt with protocol revenue. The team said that this is a one-off occurrence, as they expect users to hedge their own risks …
Technology / Feb. 9, 2021
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot
Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a major chunk of the stolen funds from various Rari Fuse pools worth $79,348,385.61 — nearly $80 million. On Saturday, Fei Protocol informed its investors about an exploit across numerous Rari Capital Fuse pools while requesting the hackers to return the stolen funds against a $10 million bounty and a “no questions asked” commitment. We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage. To …
Blockchain / May 1, 2022
Lodestar Finance exploited in flash loan attack
Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack on Dec. 10. According to Lodestar, the attacker manipulated the price of the plvGLP token before borrowing all platform liquidity using the inflated token. In a Twitter thread, Lodestar explained the attack flow. The attacker first manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, "an exploit that by itself would be unprofitable", said the company. Then, the attacker supplied plvGLP collateral to Lodestar and borrowed all available liquidity, cashing out part of the funds "until the collateralization ratio mechanism prevented a full liquidation …
Altcoin / Dec. 11, 2022