ShadowFi Exploit Allows Attacker to Burn and then Drain $300k of Liquidity

ShadowFi reported the attack on its Twitter account on September 3. Hackers recently used ShadowFi, a crypto-private initiative, to launch an attack on DeFi systems. The exploitation, which cost around $300,000, was made public after Peckshield, a well-known blockchain security firm, raised the red flag.

How Did the Hack Occur?

According to ShadowFi, the attacker depleted its liquidity pool contract, leaving it at zero dollars. According to Peckshield, the vulnerabilities in the SDF token facilitated protocol exploitation. This flaw made it easier to burn the token because it allowed anyone to do so without permission.

#PeckShieldAlert PeckShield has detected @ShadowFi_ suffered an exploit possibly due to a vulnerability of SDF token which allows the token can be burnt by anybody, the exploiter grabbed ~1,078 $BNB (~$301k). $SDF has dropped 98.5%https://t.co/O8ugq2sU3p pic.twitter.com/Ljg3RfkGFl

— PeckShieldAlert (@PeckShieldAlert) September 2, 2022

Furthermore, Peckshield stated that the hacker stole approximately 1,078 BNB, or $300,000. The hacker was identified as NeorderDAO by the blockchain security firm. The company claimed that the hacker’s name was recorded in its internal database.

Attacker exploits bug in ShadowFi to empty $300,000 liquidity pool

September 1, 2022https://t.co/hq33VyYcM6 pic.twitter.com/dLy88sir08

— web3 is going just great (@web3isgreat) September 2, 2022

Tornado Cash Use Causes Massive Cryptocurrency Losses

The hackers, according to Peckshield, transferred the stolen funds to Tornado Cash. Tornado Cash is causing more harm than good in the cryptocurrency industry. Hackers have used encryption software to send money from compromised networks. Since 2019, the software has assisted in laundering more than $7 billion from various cryptocurrency exchanges.

The exploiter is labeled as a NeorderDAO scammer in our internal database. The stolen funds already into TornadoCash pic.twitter.com/REEn5fuJ4l

— PeckShieldAlert (@PeckShieldAlert) September 2, 2022

The Lazarus Gang, a notorious North Korean hacker group, often used Tornado Cash to send more than $455 million. In addition, hackers used Tornado Cash to steal approximately $96 million from Harmony Bridge. Similarly, the secrecy app facilitated Nomad’s $7.8 million wire transfer. On September 1, KyberSwap was attacked, which cost approximately $265,000. Although KyberSwap acknowledged the hack, it was investigating the incident.

The company then offered the hacker a 10% reward for returning the stolen funds. Shortly after the KyberSwap attack, hackers also targeted the ShadowFi DeFi protocol. Tornado Cash was banned by the US Treasury Office of Foreign Assets Control (OFAC) last month due to its widespread use and criticized the use of secrecy software in attacks on numerous crypto networks. Because of the ban, well-known sources were forced to remove Tornado Cash from their servers.

Despite strict prohibitions, hackers continue to use the tool to send money. When the OFAC first announced the Tornado Cash ban, some in the cryptocurrency community reacted negatively. This resulted in harsh penalties for businesses that followed OFAC’s instructions and stopped using Tornado Cash. On the other hand, the OFAC decision to ban the secrecy app has become justified due to its continued use by hackers.

ShadowFi Guarantees to Solve the Problem

Hacks into cryptocurrency markets are becoming more problematic for authorities and stakeholders. For instance, Tornado Cash was added to the ban by US regulators to close specific security gaps where hackers frequently pounce to launch their attacks.

Conversely, Tornado remains operational despite the prohibition, thanks to the exploiter of ShadowFi’s most recent use of the crypto mixer. According to reports, the exploiter transferred to Tornado after exchanging approximately 8.4 SDF tokens for 1078 BNB.

ShadowFi, on the other hand, confirms the team’s commitment to finding a solution that is in the consumer’s best interests. The protocol requests that users be patient while the team works to resolve the issue.

Related

• Best Beginner Crypto to Invest in 2022
• How to Buy Bitcoin – Beginner’s Guide
• How to Buy Tamadoge

Tamadoge - The Play to Earn Dogecoin

Our Rating

• '10x - 50x Potential' - CNBC Report
• Deflationary, Low Supply - 2 Billion
• Listed on OKX, Bitmart, LBank, MEXC, Uniswap
• Move to Earn, Metaverse Integration on Roadmap
• NFT Doge Pets - Potential for Mass Adoption

Buy TAMA

  This article was written for Business 2 Community by Arslan Butt.
Learn how to publish your content on B2C

Join our Telegram channel to stay up to date on breaking news coverage

Add B2C to your Google News Feed

---

Author: Arslan Butt

Arslan is a professional live webinar speaker and derivatives (cryptocurrency, forex, commodities, and indices) analyst. Arslan holds an MBA in Finance, and an MPhil in Behavioral Finance.
Arslan brings a broad range of skills to help beginners evaluate financial data and investment trends, carry out technical analysis, fundamental analysis, and…

View full profile ›

---

More by this author:

• Bitcoin Price Prediction – How BTC Rangebound Action is Fuelling Up for Charge to $36k
• Arbitrum Price is Trending Higher at $1.34 – Is This a Good Time to Buy?
• Bitcoin Price Prediction – Back Above $28k, Can BTC Smash Resistance This Time?