A hack spotted by PeckShield on Wednesday has cost Poolz Finance around $390,000 on the Binance Smart Chain and Polygon.
The blockchain security company noted that the hack could have occurred due to an arithmetic overflow issue.
Poolz Finance Hack, What We Know
According to PeckShield, the initial analysis points towards an arithmetic overflow issue with Poolz Finance. In computer science, an arithmetic overflow occurs when an operation yields a value larger than the storage allotted to it can hold. Meanwhile, PeckShield identified a repeated pattern by the same sender on the Token Vesting contract.
The source in Solidity states:
“Arithmetic operations in Solidity wrap on overflow. This can easily result in bugs, because programmers usually assume that an overflow raises an error, which is the standard behavior in high level programming languages. `SafeMath` restores this intuition by reverting the transaction when an operation overflows.”
Blockchain vigilante Bythos was the first to identify and tweet about the issue to PeckShield.
Poolz is a cross-chain decentralized IDO platform. Its infrastructure lets crypto projects obtain funding before they go public. However, its POOLZ token has taken a hit of over 95% in the past day alone.
POOLZ’s current price of $0.19 is more than 99% lower than its all-time high. Nearly two years back, in April 2021, POOLZ hit a peak price of $50.89.
Euler Finance Hack Preceded the Incident
On March 13, the decentralized finance (DeFi) protocol Euler Finance was exploited. BeInCrypto reported on the day that hackers stole over $195 million from the platform in a flash loan attack.
Following this, Euler sent an on-chain message to the hacker. They said, “If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and return of all funds.”
The hackers have reportedly moved the money from the protocol to two new accounts. The wallets were heavily loaded with DAI stablecoins and Ethereum (ETH).
DeFi Protocols Still Have a Target on Their Backs
In February, Platypus lost over $8.5 million in a flash loan attack. According to a report by Chainalysis, $3.8 billion worth of cryptocurrency was lost in 2022, making it the biggest year for hacking. The bulk of this money came from DeFi protocols.
According to David Schwed, Chief Operating Officer of blockchain security firm Halborn, these attacks are based on a web2 attack pattern. In a conversation with Chainalysis, he said, “A lot of the hacks that we’re seeing aren’t necessarily web3-focused, key exfiltration attacks. They’re traditional web2 attacks that have web3 implications.”
BeInCrypto has reached out to the company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.