According to the security department of web3 protocol De.Fi, bad actors have stolen about $7.2 million worth of the leading smart contract platform by exploiting Exactly (EXA), an open-source credit market project.
“After a thorough review of the Exactly protocol hack, we have concluded that the total of stolen amount up to date is ~$7.2 million (4,323.6 ETH) Eventually, they bridged ~1,490 ETH, using Across Protocol, and 2,832.92 ETH to Ethereum via Optimism Bridge.”
According to Exactly, the protocol has been temporarily paused as the issue is investigated, though investors will still be able to withdraw funds.
“We’re actively investigating a security issue within our protocol. To ensure user safety, the protocol is temporarily paused (you can still withdraw assets). Our team is on top of this and will share more details as soon as possible.”
Blockchain security firm Beosin explains how the hacker found a way to bypass the protocol’s security measures.
“Root cause of the Exactly Protocol exploit: the market address in DebtManager contract could be manipulated. The attacker passed in a malicious market contract address, bypassing the permit check, and executed a malicious deposit function to steal the USDC deposited by users. Finally liquidated users’ assets to make a profit.”
News of the hack had an impact on EXA’s price as the altcoin fell sharply during the last 24 hours. EXA is trading for $4.28 at time of writing, a 32% decrease in the last day.Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Follow us on Twitter, Facebook and Telegram
Surf The Daily Hodl Mix
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney