On August 15, Rocketswap, a decentralized exchange on Base, the Coinbase-native, Ethereum-based blockchain network, suffered a crypto exploit that resulted in a loss of over $860k worth of users' assets. The exchange attributed the incident to a "brute force hack" on the server that held private keys related to the protocol. As a result of the security breach, the hackers were able to gain control of the protocol's farm feature and transfer out a significant amount of users' assets.
DeFi Project Hacked, Shares Emergency Plan with Users
The statement read:
We are sorry to inform you that the team needed to use offline signatures when deploying the launchpad and put the private keys on the server. A brute force hack of the server was detected, and due to the proxy contract used for the farm contract, there were multiple high-risk permissions that led to the transfer of the farm’s assets.
The protocol has deactivated the farm feature and shut down its Telegram channel. Additionally, PeckShield, a blockchain security firm, has provided further information on the crypto exploit.
Hackers Bridge Stolen Assets From Base to Ethereum, Create New Token
PeckShield, a security firm, has confirmed that hackers exploited the DeFi protocol on the Base chain and stole 471 ETH, worth $867,464.25, from Rocketswap. The hackers then created a new token called "LoveRCKT" and supplied 90 trillion LoveRCKT and 400 ETH to Uniswap. CertiK, another security firm, confirmed the attack and labeled it a "Private Key Compromise." Although the Base blockchain launched only recently, the Ethereum-based network has been in the news mainly because of issues with some of its projects. On July 31st, the BALD meme coin was accused of being a rug pull project after its developers moved $25.6 million in liquidity off the project a day after it launched on the Base network. BALD initially surged by 3,000% upon launch but lost over 90% of its value the next day.
Rocketswap Launches Emergency Plan, Intends To Reach Out To Hackers
After the recent heist on Rocketswap, the project's developer has announced an emergency containment program to its users. As part of the program, Rocketswap plans to deploy a new farm contract. The new contract will be based on an open-source model instead of a proxy contract and is designed to advance the production reduction plan by 0.075 per block.
The emergency programme agreed upon by the team is as follows. 1. We plan to redeploy a new farm contract by dropping the proxy contract and open sourcing it on-chain. 2. The new farm will advance the production reduction plan by 0.075 per block. 3. The team relinquishes… — RocketSwap (@RocketSwap_Labs) August 15, 2023
The project team has decided to renounce all mining risks, except for "low-risk" risks for the allocation of new pools. Additionally, Rocketswap has publicly expressed plans to appeal to the hackers for the return of the stolen assets. Although the farm feature is suspended, Rocketswap has assured its community that all other features remain functional and that the Telegram channels will resume operation once the situation has stabilized. According to data from DefiLlama, Rocketswap's TVL has decreased by 31.25% in the last 24 hours, dropping from $3.63 million to $2.48 million.