Time

  • Amount Lost: $200,000.00
  • Funds Returned: $0.00
  • Category: Token
  • Date: 2023-12-6

Quick Summary

Time token, an ERC20 token on Ethereum, suffered a price manipulation exploit on Dec 6, 2023, resulting in a loss of 94 ETH or $200,000 USD.

Details of the Exploit

On December 6, 2023, Time token was exploited through a smart contract vulnerability that allowed price manipulation: a public burn issue combined with a vulnerable ERC2771 implementation. The attacker exploited the vulnerable Forwarder contract to burn TIME tokens, which inflated the token price and allowed them to drain funds from the DEX and take away rewards. The exploit resulted in a loss of 94 ETH, equivalent to approximately $200,000 USD.

Thirdweb, the deployer of the TimeToken contract, had issued a community alert about the security vulnerability on December 5, 2023, following an internal disclosure on November 20, 2023. Users who deployed impacted pre-built smart contracts before November 22, 2023, at 7 PM PST need to take specific mitigation steps to address the vulnerability identified by Thirdweb. The stolen funds are currently at the malicious contract.
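To show why a burn that reaches a pool's reserves inflates the price, and what a monitor can check for, here is an added example that is not part of the original write-up or of any project's code. It assumes a Uniswap-v2-style constant-product pool with a 0.3% fee and that the burned tokens come out of the pool's own reserve; the reserve figures are constructed and all function names are hypothetical.

```python
from fractions import Fraction

FEE = Fraction(997, 1000)  # assumption: 0.3% fee, Uniswap-v2-style pool

def amount_out(amount_in, reserve_in, reserve_out):
    """Amount received from a constant-product (x * y = k) swap after the fee."""
    effective_in = amount_in * FEE
    return effective_in * reserve_out / (reserve_in + effective_in)

def spot_price(reserve_eth, reserve_token):
    """ETH per token implied by the pool reserves."""
    return Fraction(reserve_eth, reserve_token)

def burn_impact(reserve_eth, reserve_token, burned, sell):
    """ETH paid for selling `sell` tokens before and after `burned` tokens
    are destroyed out of the pool's own token reserve."""
    before = amount_out(sell, reserve_token, reserve_eth)
    after = amount_out(sell, reserve_token - burned, reserve_eth)
    return before, after

def reserve_invariant_broken(prev, curr):
    """Monitoring check on two (eth, token) reserve snapshots.
    Swaps never lower k = eth * token, and removing liquidity lowers the ETH
    reserve too, so k falling while ETH has not fallen means tokens left the
    pool outside a swap or liquidity removal (for example, a burn)."""
    (eth0, tok0), (eth1, tok1) = prev, curr
    return eth1 * tok1 < eth0 * tok0 and eth1 >= eth0

if __name__ == "__main__":
    # Constructed figures, not the real pool's reserves.
    eth, tok = 100, 1_000_000
    before, after = burn_impact(eth, tok, burned=999_000, sell=1_000)
    print(f"price before burn: {float(spot_price(eth, tok)):.6f} ETH/token")
    print(f"price after burn:  {float(spot_price(eth, tok - 999_000)):.6f} ETH/token")
    print(f"1,000 tokens sell for {float(before):.4f} ETH before, {float(after):.4f} ETH after")
    print("alert:", reserve_invariant_broken((eth, tok), (eth, tok - 999_000)))
```

Tokens with transfer fees or rebasing supply can also trip this invariant, so a monitor would treat a hit as a signal to investigate rather than proof of a burn.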

Block Data Reference

Attacker Address:

https://etherscan.io/address/0xfde0d1575ed8e06fbf36256bcdfa1f359281455a

Malicious Transaction:

https://etherscan.io/tx/0xecdd111a60debfadc6533de30fb7f55dc5ceed01dfadd30e4a7ebdb416d2f6b6

Malicious Contract Address:

https://etherscan.io/address/0x6980a47bee930a4584b09ee79ebe46484fbdbdd0

Proof Links: