Beware: This Token on PancakeSwap "Fundamentally Flawed" with $1.9 Million Drained So Far

Mon, 04/11/2022 - 09:42
Vladislav Sopov
Cybersecurity major PeckShield has noticed yet another multi-million-dollar flaw in a DeFi contract; the community suspects an "inside job"

CF, a BSC-based asset of the early-stage DeFi protocol "Creat Future," contains a critical flaw in its design. It allowed a hypothetical insider to move CF tokens from their peers' balances.

CF token allegedly rugged, $1.9 million lost

According to the announcement shared by PeckShield earlier today, on April 11, 2022, CFToken (CF) of the "Creat Future" protocol has a critical bug in its smart contract.

The creator of the contract made one of its internal elements public. This allowed anyone to drain the wallets of other CF holders. The attack took place at around 6:00 a.m. (UTC).

So far, more than $1.9 million has been moved, while the price of CF dropped 90% in almost no time. The token was listed by PancakeSwap (CAKE), the largest DEX on BNB Chain, in pairs with U.S. Dollar Tether (USDT) and Wrapped Binance Coin (WBNB).

DeFi enthusiasts on Twitter are sure that such a critical flaw could not appear in a smart contract by mistake:

Inside job, nothing new. (...) Self-hacked by dev.

Ronin Network hacker continues moving his loot

By press time, all social media accounts of the mysterious protocol had been deleted. However, three hours before the exploit was found, automated services had announced a 130% spike in the CF/USDT price on PancakeSwap.

Since the start of 2022, dozens of DeFi and GameFi protocols have been attacked; aggregated losses might be eleven-digit.

As covered by U.Today previously, Ronin Network, a purpose-made sidechain for Axie Infinity's top-notch GameFi ecosystem, was drained of $625 million.

The hackers are actively moving funds to the Tornado Cash mixer, PeckShield claims.

About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (Swap.online, Monoreto, Attic Lab etc.)