The Layer 1 Elrond network got hacked with more than $1.65 million worth of tokens stolen and dumped on the market, which caused a massive 95% plunge of EGLD token, Wu Blockchain reports. The attack was reportedly aimed at a certain exchange.
There are at least three addresses tied to the exploit, ending with f854j, fu950 and 4ww0rt. These addresses were created simultaneously and received funding from the Binance exchange. After receiving some money from the exchange, they have deployed a smart contract with the function "deploy."
There was a security breach in Elrond, a L1 network. Hackers obtained nearly $1.65 million EGLD for free, and sold them through Maiar DEX, resulting in a 92% drop. At present, the official has suspended DEX and related APIs. https://t.co/Odv0Yi0JQV— Wu Blockchain (@WuBlockchain) June 7, 2022
In the next hour, a new operation took place with the Withdraw function, after which hackers received $1.65 million worth of tokens. Unfortunately, it is unclear how hackers were able to withdraw such a large volume of funds with only one operation.
Some developers provided their version of the hack that relies on the loophole in the liquidity of wEGLD and EGLD smart contracts. Though the nature of the loophole remains unclear, as it may be tied to the exchange or network side.
After stealing the funds, hackers are deliberately trying to hide their tracks by creating new addresses and moving funds from one network to another. Unfortunately for them, it is almost impossible to make funds disappear without using coin mixing solutions.
Luckily, the 95% was present only on the EGLD/USDC trading pair as the EGLDUSDT trading pair on KuCoin cryptocurrency exchange remains intact with no abnormal volatility observed on the chart.
Reportedly, the DEX’s API is prevented from determining an actual cause of the exploit and working toward returning the funds or recovering the loss. If hackers decide to withdraw their funds using USDC stablecoin, they will most likely fail due to the centralized nature of the coin.