Base blockchain exploit leads to $1M theft – Cyber Alerts


An exploit targeting unverified loan contracts on the Base blockchain has resulted in the theft of about $1 million.

The incident took place over several hours, according to blockchain security firm Syvers Warning on October 25.

The attacker exploited a vulnerability in smart contracts related to Wrapped Ether (WETH), successfully manipulating the price and taking the funds.

Source: Cyber Alerts

Price manipulation exploit

The attacker's first suspicious transaction took $993,534 out of unsecured loan contracts on the Base blockchain.

They transferred most of the stolen funds to the Ethereum network and deposited $202,549 with the privacy-focused Tornado Cash service. An additional $455,127 in funds was used in the same exploit.

In a Q&A with Cointelegraph, Hakan Unal, senior SOC leader at Cyber Alerts, explained the vulnerability used in the attack:

“The term used in these contracts was not strong, relying on only one pair, with a small amount of $400K limited and exposed to predictable price changes.”

Security implications and prevention

The exploitation of unsecured credit contracts highlights the broader risks associated with decentralized finance (DeFi) platforms that fail to implement strong security measures.

According to Unal, a “more reliable, diversified legend of high liquidity to avoid price manipulation” can be used to prevent similar attacks in the future, especially for “assets like WETH.”

“Improved due diligence on loan contract verification, especially on used oracles, will reduce these risks.”
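The following is an added example, not part of the original article or Unal's remarks: a Python sketch of the kind of price-source due diligence the quotes above point to. It assumes the single pair is a 50/50 constant-product pool with fees ignored; the function names, thresholds and sample feeds are constructed for illustration.

```python
from statistics import median

class OracleRejected(Exception):
    """Raised when a price-feed configuration fails the robustness checks."""

def swap_to_move_price(pool_liquidity_usd, move_pct):
    """USD swapped into one side of a 50/50 constant-product pool (x*y=k,
    fees ignored) that shifts its spot price by move_pct percent.
    A small result means the pool is unsafe as a sole price source."""
    one_side = pool_liquidity_usd / 2
    # After adding d to reserve y, the price scales by ((y + d) / y) ** 2.
    return one_side * ((1 + move_pct / 100) ** 0.5 - 1)

def robust_price(feeds, min_liquidity_usd=10_000_000, min_feeds=3,
                 max_spread_pct=2.0):
    """Median price across deep, independent feeds; refuse to answer otherwise.
    Thresholds are illustrative assumptions, not values from the article."""
    deep = [f for f in feeds if f["liquidity_usd"] >= min_liquidity_usd]
    if len(deep) < min_feeds:
        raise OracleRejected(f"only {len(deep)} feed(s) meet the liquidity floor")
    prices = [f["price"] for f in deep]
    mid = median(prices)
    spread_pct = (max(prices) - min(prices)) / mid * 100
    if spread_pct > max_spread_pct:
        raise OracleRejected(f"feeds disagree by {spread_pct:.1f}%")
    return mid

# Constructed sample data (not real market figures).
SINGLE_PAIR = [{"name": "weth-pair", "price": 2500.0, "liquidity_usd": 400_000}]
DIVERSIFIED = [
    {"name": "feed-a", "price": 2500.0, "liquidity_usd": 50_000_000},
    {"name": "feed-b", "price": 2502.0, "liquidity_usd": 30_000_000},
    {"name": "feed-c", "price": 2498.5, "liquidity_usd": 20_000_000},
]

if __name__ == "__main__":
    print(f"swap to move a $400K pool 10%: ${swap_to_move_price(400_000, 10):,.0f}")
    print(f"swap to move a $40M pool 10%:  ${swap_to_move_price(40_000_000, 10):,.0f}")
    try:
        robust_price(SINGLE_PAIR)
    except OracleRejected as err:
        print("single-pair config rejected:", err)
    print("diversified median price:", robust_price(DIVERSIFIED))
```

Under these assumptions, the $400K pool's price moves 10% for a swap of under $10,000, which is why the check refuses a configuration that depends on it alone.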

Who is responsible?

Unal told Cointelegraph that the attacker was able to get away with the stolen money by exploiting a “price manipulation vulnerability.”

Responsibility may fall on those who manage the unsecured loan contracts and who chose an insufficiently secured oracle for pricing.

The attacker has not yet been identified and has successfully escaped with the stolen funds.

This incident highlights the need to improve the security protocols of DeFi platforms and to ensure contract verification, in order to protect users' funds and prevent similar incidents from occurring.
