• "Spreading the ideas of freedom loving people on matters regarding metals, finance, politics, government and many other topics"

Fantom protocol Stake Steak’s token crashes by 99% post private key exploit

Scorpio

для продажи слегка подержанный
Founding Member
Board Elder
GIM Hall Of Fame
Joined
Mar 25, 2010
Messages
33,326
Reaction score
54,162

DEFI

Fantom protocol Stake Steak’s token crashes by 99% post private key exploit​

save-80x80.jpg

Published
2 hours ago
on
October 5, 2021
By
Anjali Jain
binary-g630c64043_1280-e1633418468549.jpg

Source: Pixabay

Popular DeFi protocol Stake Steak is in the news today after it suffered an exploit that allowed hackers to mint an exponential amount of the platform’s STEAK token. Soon after, its price plummeted by over 99%.
The Fantom protocol, which aims to keep the fUSD and USDC stablecoins pegged, suffered the exploit after exploiters were able to scrape off a private key from one of their repositories on Github. The same had been there for over 5 months, the protocol’s developers revealed in a postmortem released earlier today.
It further read,
“The exploiters were able to gain access to the STEAK deployer account due to the private keys being visible on the initial commit 5/19 of the steak public contracts on github.”
Two different accounts were used for the exploits. The first exploiter burned around 140,823 STEAK tokens from the liquidity provider as STEAK’s 5 million supply was pre-minted. Following this, the hackers were able to mint the same amount of tokens from the compromised deployer account to their account.

They then devalued liquidity provider tokens for the STEAK-FTM liquidity pool and drained funds from several developer wallets. They were able to get away with 80,636 FTM, worth $115,309 at press time.
The second exploiter then minted a further 30,000 STEAK tokens, while taking out 18,386 fUSD-USDC LP, 9,719 USDC, and 387 FTM from STEAK reserves. In total, the second exploiter took 81,351 USDC in value.
The minted stake tokens were dumped in the market, leading to the same crashing by almost 93% in a matter of minutes. At the time of writing, the altcoin had lost 99% of its valuation. It was trading at $0.045, down from $4.84 before the exploit.

Source: TradingView
The coin’s trading volume was also up by 1062.41%. This, despite Stake Steak developers taking to Twitter to warn users not to try and “buy the dip” by purchasing STEAK tokens.
Don't buy Steak tokens guys. If the PKs are out in the wild then this token can't be resurrected unless a new one is deployed.
FYI. Buying the dip in this particular case isn't the move. https://t.co/cmUBj14b40
— Fantom Community Alerts (@FTMAlerts) October 4, 2021

While being apologetic, the developers also found an introspective moment within the exploit. They decided to rebrand the protocol as part of the recovery plan as they want to “move away from “staking STEAK” to more “practical and useful products.”
The developers want to give the protocol a more professional look and name and have asked the community to vote for possibilities.
As for the compensation, the protocol has decided to airdrop the newly issued tokens to STEAK holders and LPs before the exploit.
Just last week, another DeFi protocol Compound Finance suffered an exploit due to a bug in the distribution mechanism update. This led to over $80 million in funds being compromised. While the aforementioned exploit is much smaller in scale, it points towards a worrying trend of protocol vulnerabilities.


https://ambcrypto.com/usdc-issuer-circle-cooperating-fully-with-sec-investigation/
save-80x80.jpg

Anjali Jain
Anjali is a full-time journalist at AMBCrypto. With a strong background in humanities, her personal inclination lies towards the political and socio-economic aspects of the crypto-sphere

 

Scorpio

для продажи слегка подержанный
Founding Member
Board Elder
GIM Hall Of Fame
Joined
Mar 25, 2010
Messages
33,326
Reaction score
54,162
these show up now and again as vulnerabilities are exploited in the digital game,
 

ds_mustang

Libertarian, Capitalist, Software guy
Silver Miner
Joined
Apr 1, 2010
Messages
1,471
Reaction score
1,321
"Popular" DeFi protocol nobody has heard of. From coingeko it seems Steak had 5 million tokens at $4 value which makes it a $20 million project. That would rank it somewhere below #830 before the hack, which I'd call obscure rather than popular.

If you check your developer private keys into GitHub they are exposed. You can't just delete them because GitHub tracks changes and allows people to view all past versions. Every developer should know that. These guys were clueless.
 

wastrel

rather annoying
Joined
Mar 31, 2010
Messages
190
Reaction score
374
Location
lost in a corn maze in Ohio
after exploiters were able to scrape off a private key from one of their repositories on Github. The same had been there for over 5 months, the protocol’s developers revealed in a postmortem released earlier today.

:laughing: :laughing: :laughing: :laughing:

oh god.... thanks for posting this, I haven't laughed this much in a year
 

nickndfl

Midas Member
Midas Member
Sr Midas Sup +++
Joined
Jan 7, 2011
Messages
16,433
Reaction score
17,585
Location
Florida
Somebody lost a boatload of money.
 

Goldhedge

Retired
Mother Lode
Midas Supporter ++
GIM Hall Of Fame
Joined
Mar 28, 2010
Messages
63,647
Reaction score
137,574
Location
Rocky Mountains
Never heard of it...