- Amount Lost: $9,863,088.00
- Funds Returned: $0.00
- Category: Other
- Date: 2021-12-8
Quick Summary
Exploitation of eCurve Tripool resulted in abnormal issuance of LP tokens and significant asset loss.
Details of the Exploit
The attacker cyclically deposited stablecoins into eCurve Tripool using a malicious contract, leading to abnormal issuing of eCurve Tripool LP tokens. The attacker then transferred 12,000,000 TRIPOOL into their EOA address (itsspiderman1). The attacker deposited these tokens into lend.pizza as collateral and drained all assets from lending, transferring them into the itsspiderman contract address. The total assets lost include EOS, DFS, BOX, YFC, TAG, USDT, TPT, KEY, DAPP, PBTC, CHEX, OGX, ETH, USN, USDC, IQ, BTC, USDB, OUSD, BOXAI, and PETH.
Block Data Reference
The attacker's address:
https://bloks.io/account/itsspiderma1
The transaction behind the attack:
https://bloks.io/transaction/a7392b4e2b3ebc68345c91f538114eeb51cea48584783f2b162b7d4e94f725df
The contract used within the attack:
https://bloks.io/account/itsspiderman
The transaction of depositing TRIPOOL into lend.pizza:
https://bloks.io/transaction/a7392b4e2b3ebc68345c91f538114eeb51cea48584783f2b162b7d4e94f725df
Proof Links: