Main navigation

GYM Network Protocol Hacked, $2.1 Million Stolen: Here's How

Advertisement
Wed, 8/06/2022 - 15:23
GYM Network Protocol Hacked, $2.1 Million Stolen: Here's How
Cover image via www.freepik.com
Read U.TODAY on
Google News
Advertisement

GYM Network is a cross-protocol DeFi aggregator designed to optimize the process of yield farming on BNB Chain and make it straightworward for newbies.

GYM Network allowed to increase balance without actually depositing money

As per the statement shared by PeckShield cybersecurity provider, GYM Network had one of its elements, GymSinglePool, attacked today, June 8, 2022.

The architecture of the pool lacked a caller verification instrument: malefactors were able to increase their balances without sending money to them.

Advertisement

This design flaw was exploited with more than $2.1 million stolen. The attackers immediately started moving their loot to Tornado Cash transaction obfuscating service.

GYM, a core native utility and governance token of the protocol, immediately lost over 50% of its price, plunging from $0.00099 to $0.00048.

More protocols at risk?

Ironically, the protocol was audited twice by PeckShield itself and by CertiK. Also, it leverages Alpaca Finance's codebase which was audited 20 times.

Blockchain researcher Kyrian Alex (Kyrian.sol) highlighted that GYM Network is far from being the only protocol that contains a similar design flaw:

This isn't the first protocol being hacked because of "lack of caller verification". Seem I'll have to check out a lot of these clone protocols looking for this same vulnerability.

Team representatives confirmed the fact of attack. GYM Network's community coordinator explained that the vulnerability was disclosed in a new "Claim and Reinvest" instrument deployed two days ago.

By press time, the source of the bug has been identified and fixed, the team adds.

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD