- May 30, 2023
- Posted by: [email protected]
- Category:
According to a report by CertiK, a blockchain security firm, the DeFi protocol WDZD Swap was recently exploited, resulting in a loss of $1.1 million worth of Binance-pegged Ethereum. On May 19, nine fraudulent transactions siphoned 609 Binance-pegged ETH from a contract affiliated with the WDZD project.
WDZD Swap is a decentralized finance project running on the BNB Smart Chain (BSC) and promoted by the Twitter account @DZDDAO, which has a significant following of over 86,000. Although the mechanics of the project were not fully understood by CertiK, the user interface suggested that it allowed users to farm a token called “WDZD” by staking ETH.
According to CertiK, WDZD may have been sold to users in exchange for Binance-pegged ETH as part of an initial DEX offering (IDO). CertiK shared an image of an advertisement for the WDZD IDO, along with a BSC address for transactions.
The attacker responsible for the exploit was identified as “Fake_Phishing750,” a known exploiter who had previously attacked another protocol called “Swap X,” as reported by CertiK. The attacker created a malicious contract, which was then used to perform nine transactions that drained $1.1 million worth of ETH from the Swap LP contract where the funds had been deposited.
The Swap LP contract is unverified by BscScan, making it challenging to determine precisely how the attacker executed the exploit. However, CertiK stated that the attacker likely transferred WDZD tokens to the protocol’s factory address using an unverified function-call. These WDZD tokens were then swapped for LP tokens, which were eventually redeemed for the underlying ETH, allowing the attacker to profit from the exploit.
The crypto community has been plagued by hacks, scams, and rug pulls throughout 2023. Notably, the Ordinals Finance protocol experienced a rug pull, resulting in the loss of over $1 million in assets, and a bug in a Level Finance contract was exploited, causing another $1 million in losses.
CertiK reported a decline in losses from exploits during the first quarter of the year but cautioned that this might be a temporary reprieve. The ongoing incidents highlight the need for increased security measures and thorough auditing within the decentralized finance space.