Skyward finance exploit allegedly results in $3 million loss

Published at: Nov. 2, 2022

Skyward finance, an IDO platform enabling fair token distribution for projects on the NEAR Protocol, has reportedly been exploited for 1.1M NEAR tokens, worth an estimated $3 million USD at time of publication. 

The news was shared on Twitter by Aurora Lab's community moderator Sanket Naikwadi, who stated that the exploit was first noticed by a member of the NEAR protocol community, who goes by the handle @Nearscout.

The @skywardfinance was just exploited for ~1.1M $NEAR Tokens (Worth ~3M) . Thnx to @NearScout for noticing the treasury drain, he pinged me asking if something is wrong with skyward... then we looked into contract txns and found out about the exploit and sus txns.smol

— SankΞt Ⓝ⚡️| sanketn81.near ,sanketn81.lens (@sanket_naikwadi) November 2, 2022

According to the series of tweets on the exploit, Ref finance — a community-led multi-purpose DeFi platform built on the NEAR Protocol — and the Skyward team have been notified of the drain.

The exploiter reportedly initiated the drain by buying lots of skyward tokens on Ref Finance, and “then redeemed it through Treasury on Skyward Finance.”, where they appear to have “got lots of NEAR than what 1 SKYWARD was worth”.

Naikwadi cautioned SKYWARD Token holders to redeem or swap their tokens wherever they can, and no longer interact with Skyward Finance, adding that the “Hacker has already withdrawn NEAR to lots of different wallets.”

If you're a SKYWARD Token holder redeem/swap wherever you can and no longer interact with Skyward Finance.Hacker has already withdrawn NEAR to lots of different wallets.Huge shoutout again to @NearScout.also, Shoutout to @pikespeak_ai , it helped a lot in identifying the txns

— SankΞt Ⓝ⚡️| sanketn81.near ,sanketn81.lens (@sanket_naikwadi) November 2, 2022

Related: Barely halfway and October already the biggest month in crypto hacks: Finance Refined

Exploits within the Defi ecosystem appear to be on the rise. Blockchain analytics firm Chainalysis recentlylabeled October 2022 as “the biggest month in the biggest year ever for hacking activity."

On Oct 12, Cointelegraph reported that $100 million worth of cryptocurrency was drained from Solana-based decentralized finance (DeFi) exchange Mango Markets, resulting in its token plunging by 52%. On the same day of the Mango Market’s exploit, TempleDAO was also exploited for $2 million.

Tags
Related Posts
This platform turns data into cryptocurrency
Large-scale data breaches and the abuse of data by cybercriminals have become an everyday reality. Data is being utilized to drive massive profits in big tech and beyond. In 2018, a breach at Marriott Hotels resulted in 500 million records being stolen, and just earlier this year, Facebook had an enormous break where the details from 533 million users were taken. Cirus is offering individuals new financial opportunities through data monetization using the power of Web 3.0. With over 4,000 Cirus devices currently deployed in real households, the Cirus team is aiming to propel a new ownership economy. By harnessing …
Blockchain / Sept. 17, 2021
‘DeFi done right’: Layer-one protocol launches mainnet
A decentralized finance protocol has launched its mainnet — describing it as a crucial step on the journey to a frictionless financial future. Radix, which describes itself as a platform for smart money, is also launching Instapass with its Olympia mainnet — an optional user and developer service that delivers the world’s first single sign-on solution for building compliant DeFi. The Radix mainnet is being positioned as a generational improvement in the history of decentralized ledger computing — and one that delivers 100 times more executional efficiency than the Ethereum Virtual Machine. This comes hot on the heels of the …
Decentralization / July 29, 2021
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
STEPN impersonators stealing users' seed phrases, warn security experts
Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user's dashboard where they may connect their stolen wallets to their own or "claim" a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or …
Adoption / April 25, 2022
Report: GALA token exploit resulted from public leak of private key on GitHub
According to a new post by blockchain security firm SlowMist on Nov. 7, it appears that the last week’s token exploit affecting GameFi project Gala Games resulted from a public leak of applicable security keys on GitHub. As told by SlowMist, pNetwork, the cross-chain interoperability bridge used by Gala Games on the BNB Smart Chain, had three privileged roles in its smart contract pGALA. “The Admin role is used to manage upgrades and changes to the Admin address of the proxy contract. The DEFAULT_ADMIN_ROLE role is used to manage various privileged roles in the logic (eg: MINTER_ROLE ), and the …
Technology / Nov. 7, 2022