Maiar decentralized crypto exchange goes offline after bug discovery

Published at: June 7, 2022

The Maiar Exchange, a decentralized exchange (DEX) native to the Elrond blockchain, has been temporarily taken offline after an attacker utilized an exploit and made off with roughly $113 million worth of Elrond eGold (EGLD).

Minutes before 12:00 am UTC on Monday, the co-founder and CEO of Elrond, Beniamin Mincu, tweeted that he and his team were “investigating a set of suspicious activities” on the Maiar decentralized cryptocurrency exchange.

Soon after, the DEX was taken offline, with Mincu reporting that the issue had been identified and an “emergency fix” was being implemented.

In a Twitter thread posted almost 24 hours later at around 11:00 pm UTC on Monday, Mincu said a potentially critical bug was identified that opened “an exploit area that we simply had to address and mitigate immediately.”

The suspicious activities have been possibly identified and explained in a Twitter thread by pseudonymous on-chain analyst Foudres, who revealed that the potential attacker deployed a smart contract that somehow allowed them to withdraw over 1.65 million EGLD.

Three wallets were able to mysteriously withdraw 800,000, 400,000 and 450,000 EGLD, respectively, which at current prices is worth nearly $113 million in total.

The attackers were able to sell around 800,000 EGLD, worth around $54 million, which caused the price of EGLD on Maiar to plummet from $76 down to around $5. The rest of the crypto is either still held in various wallets, has been bridged to USD Coin (USDC) and Ether (ETH), or was sold on centralized exchanges.

The price of EGLD dropped 9.5% from around $74 down to a 24-hour low of $65.50 but has since slightly recovered, now trading near $68.

Mincu stated in his update that an upgrade was implemented to fix the bug and a technical explanation would be provided after clarification that the implemented solutions are tested and working.

Related: DeFi attacks are on the rise — Will the industry be able to stem the tide?

He claimed that all funds are safe and will be available when the DEX restarts, which is scheduled for Tuesday, saying most exploited funds have been either recovered in full or will be covered by the Elrond Foundation.

As previously reported by Cointelegraph, approximately $1.6 billion in cryptocurrency has been stolen from decentralized finance (DeFi) platforms in the first quarter of 2022, and over 90% of all stolen crypto is from hacked decentralized finance (DeFi) protocols such as DEXs.

Tags
Dex
Related Posts
Fei Protocol founder proposes ghosting Tribe DAO following hack repayment
An attack in April 2022, which drained off nearly $80 million from various Rari Fuse pools, required the decentralized finance (DeFi) platform Fei Protocol to come up with a solution that minimizes damage to the ecosystem. Fei Labs’ latest proposal, which partly recommends revoking participation from Tribe DAO, received mixed sentiments from the community. Fei Protocol founder Joey Santoro announced the latest proposal, TIP-121: Proposal for the future of the Tribe DAO, revealing the company’s intent to reimburse Fuze victims. It also details plans for asset redemption and the distribution of protocol-controlled value (PCV) assets that manage the liquidity and …
Altcoin / Aug. 20, 2022
Kyber Network offers bounty following $265K hack of decentralized exchange
KyberSwap, the decentralized exchange built on liquidity protocol Kyber Network, has offered a hacker 15% of the funds from a $265,000 exploit as a bug bounty. In a Thursday blog post, Kyber Network said a hacker had used a frontend exploit to pilfer roughly $265,000 worth of user funds from KyberSwap. The protocol said it will compensate all users for any missing funds related to the exploit, and directly addressed the hacker to give them an opportunity to return the funds in exchange for “a conversation with our team” and 15% of what was taken — roughly $40,000. “We know …
Business / Sept. 2, 2022
Transit Swap loses over $21M due to internal bug hack, issues apology
Transit Swap, a multi-chain decentralized exchange (DEX) aggregator, lost roughly $21 million after a hacker exploited an internal bug on a swap contract. Following the revelation, Transit Swap issued an apology to the users while efforts to track down and recover the stolen funds are underway. “We are deeply sorry,” stated Transit Swap while revealing that a bug in the code allowed a hacker to make away with an estimated $21 million. Blockchain investigator Peckshield narrowed down the attack to a compatibility issue or misplaced trust in the swap contract. pic.twitter.com/KJ7u5xoxBp — Transit Swap | Transit Buy | NFT (@TransitFinance) …
Ethereum / Oct. 2, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
'Haunts me to this day' — Crypto project hacked for $4M in a hotel lobby
The co-founder of Web3 metaverse game engine “Webaverse” has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome. The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point. He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time. The thieves were somehow able to gain access …
Nft / Feb. 7, 2023