To steal money from specific cryptocurrency wallets, the hacker took advantage of a flaw in the smart contract code.
- Dexible experienced a $2 million exploit early on Friday.
- Crypto “whales” accounted for 85% of the losses.
Dexible reported on Twitter that, by finding a flaw in the smart contract code, the hacker was able to steal funds that cryptocurrency wallets had authorized for use. They tweeted:
“Hello, Dexible community, we regret to inform you that in the early hours of February 17, a hacker exploited a vulnerability in our newest smart contract. This made it possible for the hacker to withdraw money from any wallet that contained a contract with an unspent spend authorization.”
“We are taking this extremely seriously,” they continued, “and as soon as our team discovered the problem, all Dexible contracts on all chains were suspended. Although the exploit affected some of our users, it has already closed. Our tech lead deserves praise for spotting the attack right away. Our Twitter account, sadly, was unable to answer in time. Statements were made on Telegram and Discord. To stop the exploit, some team members stayed up all night.”
According to the team, “a few whales,” or significant cryptocurrency holders, accounted for 85% of the losses. BlockTower Capital, a digital asset investment company, was one of the victims, according to blockchain data. Almost $1.5 million in TRU tokens was stolen from a wallet that blockchain intelligence company Arkham Intelligence identified as BlockTower’s, and was transferred to the wallet address labeled as the Dexible exploiter on the blockchain monitoring platform Etherscan. Blockchain intelligence firm Nansen also identified the address as belonging to BlockTower Capital.
Blockchain transactions tracked by Arkham show that the exploiter sent the stolen TRU tokens to SushiSwap in exchange for ether (ETH), then transferred the ETH to Tornado Cash, a crypto mixer service. According to the Dexible report, the vulnerability drained 13 Arbitrum and 5 Ethereum wallets. Michael Coon, the chief executive of Dexible, wrote on Discord, “We have suspended these contracts until we acquire a comprehensive understanding of the situation.”
Message from Dexible Team
“As we write this statement, the team is in a war room to establish the next steps, build a triage strategy, and gather the data,” the team wrote on Twitter. “Although there should never be an excuse for an exploit, they occur. Please help us fix the problem by joining the chat with all the impacted members on our Discord server. Ahead of schedule, information will be posted. This is the first of many predictions we may make,” they added.
The team shared details about the victims, stating, “We need to compile a list of every member of the afflicted community. As soon as you can, log into Discord and offer block explorer information so that we can get a clear view of those records. In total, 17 traders were impacted, four on Mainnet and 13 on Arbitrum. On Arbitrum, only 13 out of 36 were exploited. Four of Ethereum’s 14 distinct vulnerabilities were exploited. Around 85% of the whales exploited were large ones.”