Fortress Protocol – an algorithmic cash market and defi lending protocol – has been drained of all funds following an oracle manipulation assault. The stolen crypto has since been bridged from Binance Smart Chain to Ethereum and blended utilizing the privateness protocol Tornado Cash.
Buying Out the Protocol
Blockchain safety agency CertiK shared details about the hack with CryptoPotato on Monday. It started with the hacker utilizing ETH to buy a considerable quantity of FTS – the governance token managing the FTS protocol.
The quorum votes on Fortress loans’ governance contract is 400,000 FTS. That was value simply $18,000 on the time of the hack and represented a smaller quantity of tokens than the attacker held. In different phrases, he now held the authority to move any protocol change proposal that he favored.
As such, he handed proposal ID 11, which modified the collateral issue on FTS tokens inside mortgage contracts from 0 to 700,000,000,000,000,000. He additionally up to date the value oracle utilized by the mortgage contract such that the token’s value would replace, even when voting energy was zero.
“With these updates, the value of the attacker’s collateral (FTS) was raised significantly, so the attacker was able to borrow large amounts of other tokens from the loan contracts,” defined CertiK over Twitter.
The attacker used his remaining FTS to borrow a large quantity of tokens, and convert them to over 1000 ETH, and over 400,000 DAI – value over $3 million on the time of the hack. He then deployed a self-destruct mechanism encoded into his malicious good contract and swiftly transferred the stolen items to Tornado Cash.
The fortress protocol staff mentioned they’re “absolutely devastated” by yesterday’s occasions. They have known as on the neighborhood to not deposit any belongings into Fortress, and for all accessible companions to help in reclaiming the funds.
Tornado Cash: Criminal Tool of Choice
Both the ETH required to buy the hacker’s preliminary FTS, and the ETH representing the hacker’s stolen items got here and went by means of Tornado Cash. The mixing protocol breaks the hyperlink between a sender and receiver’s handle on Ethereum, letting the hacker maintain his id hid from begin to end.
The identical protocol has been helpful to quite a few crypto thieves over the previous few months. The individual or group behind the $600 million Ronin hack in March is now solely accountable for 15% of funds being deposited into the mixer.
In January, an approximate $14.6 million in ETH stolen from Crypto.com was laundered by means of Tornado.
Binance Free $100 (Exclusive): Use this hyperlink to register and obtain $100 free and 10% off charges on Binance Futures first month (phrases).
PrimeXBT Special Offer: Use this hyperlink to register & enter POTATO50 code to obtain as much as $7,000 in your deposits.