The attacker then also received their first large OUSD mint, giving them in total more OUSD than the contract had assets. This created a massive rebase for everyone in the contract, including the attacker. The attacker was able to create a rebase event inside the second mint after funds had moved to OUSD from the first large mint, but before the supply of OUSD increased. This “stablecoin” was then called “transferFrom” on by the vault, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint. The attacker exploited a missing validation check in mint multiple (when minting OUSD with multiple stablecoins) to pass in a fake “stablecoin” under their control. Unfortunately, our contract was safe from reentrancy bugs unless one of our supported stablecoins was attacking us. The attack was a reentrancy bug in our contract. XRP - rwU8rAiE2eyEPz3sikfbHuqCuiAtdXqa2v (tag 2033412069).ZEC - t1StUQiw1YyHT515xDxwxjfhEcw2iGSq2yL.BCH - qrfrw5q9gag2vp6jc5nlx0haplm2jlhx9vsvxd9u3e.BTC - 1A4PXZE5j8v7UuapYckq6fSegmY5i8uUyq.All the withdrawals are suspended at the moment. In the meantime, we ask you NOT TO DEPOSIT ANY FUNDS TO THE EXISTING EXMO WALLETS. Let us stress that all the assets in the cold wallets are safe. The affected hot wallets comprise near 5% of the total assets. We reacted immediately and re-deployed hot wallets. We are still investigating the incident, but as of now, the security audit report showed that some amounts of BTC, XRP, ZEC, USDT, ETC and ETH in EXMO’s hot wallets were transferred out of the exchange. They have ensured their cold storage is safe and only unauthorised access were to their hot wallets EXMO has advised to not deposit into the exchange until further notice. On December 21 2020, some large withdrawals from EXMO hot wallets were detected.
0 kommentar(er)
