Hacker Successfully Cracks DeFi Platform, Prints 40 Quintillion Coins Before Returning Funds

A hacker successfully cracks decentralized finance (DeFi) platform Cover Protocol en route to printing 40 quintillion COVER tokens and decimating the supply.

In a new Medium blog post, Cover Protocol explains that the attacker exploited a bug on the project’s shield mining contract, Blacksmith.

“The ‘lpTotal’ is expected to be larger than 1e18 wei (the pools are set up so that 10 covTokens is equivalent to 100e18 BPT). If the total pool amount is any less, it would instead act as a multiplier (the opposite of what is intended).

In the event of Grap Finance’s interactions with the contract, 1 wei was left in the pool. It multiplied the rewards by 1e18, causing the mint of 40 quadrillion $COVER.”

The minting of 40 quintillion COVER inflated the coin’s supply, causing prices to plunge over 97%.

Hours after the hack, Grap.Finance, the entity claiming responsibility for the attack, returned the funds while telling Cover to address its security issue.

Following the attack, Cover Protocol urges its 13,000 followers not to buy its native governance token.

“Hello everyone, we are exploring providing a NEW COVER token through a snapshot before the minting exploit was abused. The 4350 ETH that has been returned by the attacker will also be handled through a snapshot to the LP token holders. We are still investigating. Do NOT buy COVER.”

Cover says it may take a snapshot of the network from before the attack, launch a new token and distribute the coins to investors.

Featured Image: Shutterstock/Alexander Geiger