Another DeFi project hacked, $7.6 million drained
FinNexus, a cross-chain DeFi protocol for writing options exposure for several assets from a single collateral pool, has reportedly lost $7.6 million to the cold hands of hackers.
The decentralized options platform reported the hack on Twitter on Monday, advising investors to withdraw their funds from the pool.
We regret to inform our traders and investors that the FinNexus erc20 contract appears to have been hacked.
— FinNexus (@fin_nexus) May 17, 2021
For safety reasons please withdraw your funds from the pools.
The team is working on this issue and we will provide updates as they become available.
Although the project’s team has claimed that the breach was a smart contract hack, industry experts have refuted the claim, suggesting that the private key for the administrator account was compromised or stolen. It could also be an insider job.
Rug Pull or Security Breach?
DeFi analyst Chris Blec is one of those who believe that the admin key was compromised by a team member. Meanwhile, research analyst Igor Igamberdiev took a deep dive into the breach and discovered that the FinNexus contract deployer swapped the token owner with another address on Ethereum and Binance Smart Chain. After this was done, the address minted 323 million FNX on Ethereum and 60 million FNX on Binance Smart Chain. In total, approximately $7.6 million worth of tokens were minted before the hacker started dumping tokens.
FinNexus (FNX) contract deployer changed the token owner to some address on Ethereum and BSC.
— Igor Igamberdiev (@FrankResearcher) May 17, 2021
This address minted:
- 323M FNX ($6M) on Ethereum
- 60M FNX ($1.6M) on BSC
and started dumping tokens.
Rug pull or StOlEn PrIvAtE kEy? pic.twitter.com/yuYe9yM0WM
Although it is unclear how a hacker gained access to the admin’s private key, there are two possible scenarios. The admin key was either genuinely stolen or FinNexus is only buying time to perfect its rug pull. In their defense, FinNexus has published a report explaining what happened. They explained:
Part of the hardware powering FinNexus has been compromised by malware, in what appears to be a targeted attack on our platform. An unknown hacker infiltrated the FinNexus system and managed to recover the private key to the ownership of the FNX token contract.
FinNexus is the fifth DeFi protocol to be exploited this month following breaches on Spartan, Rari Capital, xToken, and bEarn.
Following the breach, the hacker dumped the minted tokens on centralized and decentralized exchanges, leading to a crash in the price of FNX tokens. Data on CoinGecko shows that the digital asset sharply fell from $0.35 before the hack to $0.018. As of press time, FNX was trading at $0.054, which is still a far cry from its pre-hack figures.
As part of its recovery plan, the team has noted that its first step will be replacing FNX with a new token. A pre-hack snapshot will be taken, and users will receive a new coin in what the team has dubbed “a second start for FinNexus.”
Check our guide of the most promising crypto
