$2.6 million stolen in a hacker attack on Fantasm Finance
On March 9, 2022, the Fantasm Finance team announced the hacker attack on Twitter and asked all users to withdraw their locked XFTM tokens and move them out of the liquidity pool to avoid possible losses.
As a result of the hacker attack on the service, 1,007 ETH (about $2.6 million) was withdrawn via the Tornado.Cash crypto-mixer.
Fantasm Finance is a DeFi project aimed at developing and popularizing synthetic tokens for the Fantom ecosystem. "Imagine you are able to influence the price of an FTM token without actually owning it. That's not a fantasy." The project's main tokens are the popular FTM, FSM and XFTM coins, which are used as collateral on Fantasm.
After the withdrawal of the funds, XFTM lost 98.06% of its value in 24 hours, with the price settling at $0.02743. Previously its price had reached the $1.82 mark. FSM traded at $4.37 and dropped by 70.65% in one day.
The TokenScope Team decided to conduct its own investigation into the circumstances surrounding the theft of the funds.
According to the official version published by various media outlets, the Fantasm Finance hack was caused by a vulnerability in the service's protocol. The hackers carried out a transaction using FSM tokens only, which allowed them to mint XFTM tokens without posting any FTM collateral.
The hackers minted 2.8 million XFTM using a small amount of FSM tokens as collateral. The funds were subsequently converted to 1,007 ETH (about $2.6 million) and withdrawn via the Tornado.Cash mixer.
The technical analysis of the attack revealed that the transfers were made across 3 blockchains: BNB, ETH and Fantom.
Transactions in BNB:
The hackers received funds on BNB Chain via Tornado.Cash in 2 transactions, 0x11407dd11dd028cfefdb24c9bde9163b4d10e3338e62c74ae2f5f3c2ec863133 and 0xeffe3e64b2df1e80d5282a55bd12a7e89cd088616d85274bb1589b3b96526f28, then exchanged BNB for USDC via the PancakeSwap Router: 0xe47bd66738fd6721817ebc68cfdfde19d860330cc8b84bdf6761a3f1957ef188.
The USDC was then bridged to Fantom via Celer Bridge: 0x2b5f6177888881958d98935cdfcbc97a7de8405b1d059c931f02461776ad9e007.
Fantom transactions:
The funds received from the Celer Bridge were combined with FTM (0x455f72c451743bccfd9800c43bb56fcdd72d135247335ce07946c36974f5b799), and the USDC was converted to obtain more FTM: 0xed81960af5bba6cb7a48839ed9a6eed9b665cba4b9cfc1089603262e0082e9f2.
The hacker deployed a contract (0x944b58...) that launched the exploit: 0x944b58c9b3b49487005cead0ac5d71c857749e3e. This contract exploited a vulnerability in Fantasm's Pool contract, where the developer had omitted the check on the minimum amount of FTM deposited when minting XFTM. As a result, XFTM could be minted with FSM tokens only, with no FTM deposit, i.e., without any collateral.
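The missing check described above, modelled as an added example (not Fantasm's contract code and not part of the TokenScope analysis). The collateral ratio, the FSM price and the 1 XFTM = 1 FTM valuation are assumptions chosen for illustration; the same pool is run with and without the minimum-FTM check on mint.

```python
from decimal import Decimal


class MintError(Exception):
    """Raised when a mint request lacks the required FTM collateral."""


class Pool:
    """Simplified model of a pool minting XFTM against FTM + FSM.

    Assumptions (not taken from Fantasm's contract): 1 XFTM is valued at
    1 FTM, `cr` (< 1) is the share of minted value that must be paid in
    FTM, and FSM covers the remaining (1 - cr).
    """

    def __init__(self, cr, fsm_price_in_ftm, enforce_min_ftm):
        self.cr = Decimal(str(cr))
        self.fsm_price = Decimal(str(fsm_price_in_ftm))
        self.enforce_min_ftm = enforce_min_ftm
        self.ftm_reserve = Decimal(0)
        self.xftm_supply = Decimal(0)

    def quote(self, fsm_in):
        """Return (xftm_out, ftm_required) for a given FSM payment."""
        fsm_value = Decimal(str(fsm_in)) * self.fsm_price
        xftm_out = fsm_value / (1 - self.cr)
        return xftm_out, xftm_out * self.cr

    def mint(self, fsm_in, ftm_in):
        ftm_in = Decimal(str(ftm_in))
        if Decimal(str(fsm_in)) <= 0 or ftm_in < 0:
            raise MintError("FSM must be positive and FTM non-negative")
        xftm_out, ftm_required = self.quote(fsm_in)
        # The check the vulnerable pool omits: the FTM actually deposited
        # must cover the FTM share of what is being minted.
        if self.enforce_min_ftm and ftm_in < ftm_required:
            raise MintError(f"need {ftm_required:f} FTM, got {ftm_in:f}")
        self.ftm_reserve += ftm_in
        self.xftm_supply += xftm_out
        return xftm_out

    def undercollateralized(self):
        """Invariant a monitor can watch: reserve must back cr of supply."""
        return self.ftm_reserve < self.xftm_supply * self.cr


if __name__ == "__main__":
    weak = Pool("0.9", "2", enforce_min_ftm=False)
    print(f"{weak.mint('10', '0'):f} XFTM for 0 FTM; unbacked:", weak.undercollateralized())
```

The `undercollateralized()` invariant is the kind of condition an on-chain monitor or a test suite can assert after every mint, independently of the check inside `mint` itself.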
Ethereum transactions:
The funds minted in XFTM were transferred through the Celer Bridge service to ETH (0x47091E015b294B935BABADA2d28aD44e3Ab07ae8D) and subsequently withdrawn via the Tornado.Cash mixer service.
The day after the hack, the Fantasm Finance service team stated that part of the FTM collateral was taken in a "white hack" and announced compensation for users affected by the hack.
It is worth mentioning that the Fantasm hack came a few days after the departure of two service executives, Andre Cronje and Anton Nell. Nell's subsequent announcement that 25 apps were discontinued also triggered panic selling that started on March 6. Cronje had previously written about his frustration with the DeFi community and its get-rich-quick culture.
An analysis of the findings shows that it is highly likely that the owners of the service and, possibly, its former managers were involved in organizing this hack. These conclusions are based primarily on:
- information about the manageable rate of the FTM token and the presence of speculative transactions; presumably, this attack was carried out for token price manipulation;
- the relative "freshness" of the XFTM token (launched on February 28, 2022), due to which there are no major reputational risks;
- the team's prompt confirmation that some of the funds were hacked by a "white hacker".
We wish you successful investments in cryptocurrency projects, and don't forget to check addresses for risks: it can help save your funds! You can also report to us any cases related to specific cryptocurrency addresses and the associated risks at TokenScope via the "Report cryptocurrency address" form. This will help protect other users from the risks of interacting with such addresses and their owners.