- Amount Lost: $658,370.00
- Funds Returned: $420,170.00
- Category: Exchange (DEX)
- Date: 2023-5-29
Quick Summary
EDE Finance was hit by an Oracle Manipulation exploit resulting in a loss of $658,370 $USD. The attacker returned $420,170 to the team but kept the rest.
Details of the Exploit
EDE Finance is a DEX on the Binance Smart Chain and Arbitrum. The project was exploited through oracle manipulation which resulted in a loss of 658,370 $USD. A white hat hacker was able to exploit the project's vault and stole the assets. Consequently, 420,170 $USD were returned by the white hat to the project. An on-chain message was sent by the hacker with the following text: "All trades that were executed were using prices signed/produced by the devs which allowed anyone to take advantage of these prices and easily empty out the entire ELP pool with just a few transactions. The malicious activity involved intentionally signing incorrect prices to manipulate users' positions and steal their funds while implementing backdoors that allowed them to force liquidate any position they desired. The whole pool was always at risk as there were additional vulnerabilities present too provided you agreed upon certain terms."
Block Data Reference
Attacker address:
https://arbiscan.io/address/0x80826E9801420E19a948b8Ef477Fd20f754932DC
Malicious transaction example:
https://arbiscan.io/tx/0x3758a4b7338d8c3bd39072221ff3b6b6a59d36f3d885934f1b0081877f35163e
Attacker's message:
https://arbiscan.io/tx/0x76799a5759edbf0bfebe317954369e00026c4a87da98604209dfdaa42ccbcfb0
Proof Links: