Main navigation

Fantom's DeFi Fantasm Finance (FSM) Exploited; $2.6 Million Lost

Thu, 03/10/2022 - 14:25
article image
Vladislav Sopov
The season of DeFi hacks is nowhere near an end: Fantom-based protocol is under fire
Fantom's DeFi Fantasm Finance (FSM) Exploited; $2.6 Million Lost
Cover image via
Read U.TODAY on
Google News

Another day, another DeFi hacked: the Fantasm Finance (FSM) team releases a post-mortem for its recent exploit.

Three chains, five assets: Fantasm Finance drained for $2.6 million

According to the official announcement shared by Fantasm Finance DeFi protocol, its mechanism was drained of $2,600,000 on March 9, 2022.

Per the post-mortem, the exploiters utilized BNB Chain, Fantom and Ethereum. The exploit itself was triggered by a previously unknown error in Fantasm's pool contract.

The contracts' devs missed the condition to check for the minimum amount of FTM injections required to mint XFTM, a synthetic asset of Fantasm.

This flaw allowed the attacker to mint XFTM tokens with only FSM and then exchange XFTM for FTM.

Repayment campaign starts on March 11, 2022

FTM tokens were swapped to Ethers; ETH were moved from the protocol via Celer Bridge. The total amount of losses nets approximately $2,622,097.

Today, on March 10, the attackers started to wash their loot through the Tornado Cash mixer.

The Fantasm Finance (FSM) team decided to stop XFTM minting and initiate a repayment program. It is set to go live on March 11 at 9:00 a.m. UTC.

Yearn.Finance (YFI) Targeted by "Flash Loan" Attack, $11,000,000 Drained

As covered by U.Today previously, numerous DeFis fell victim to flash loan attacks in Q1, 2022. Yearn.Finance (YFI) protocol lost $11,000,000 in early February.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)