“Haktyabr” continues: attackers gained access to the wallet of the developers of the decentralized autonomous organization FriesDAO and withdrew FRIES tokens worth $2.3 million.
In addition to FRIES, the attackers withdrew other tokens from the staking pool. The stolen funds were exchanged for the DAI stablecoin and are still in the hackers' wallet. That wallet also holds 160 ETH and a small amount of other cryptocurrencies.
“We have learned that attackers have exploited a vulnerability in the refund contract,” the developers of the project said.
As it turns out, the developers' wallet was generated using Profanity. Wallets created with this tool were at risk after a vulnerability was discovered.
There have already been several cases of funds being withdrawn from such wallets. The vulnerability became known a long time ago, so the FriesDAO hack occurred only because of the negligence of the developers, who did not change the wallet address.
“This attack could have been prevented because Profanity vulnerabilities became known more than a month ago. CertiK encourages all Web3 projects that have used this tool to immediately transfer all funds from these wallets to other securely generated addresses,” said a CertiK spokesperson.
Recall that the Profanity vulnerability first became known in the middle of last month.