Illuvium Team Drains sILV Uniswap Pool in Bid to Prevent Exploit Cash-Out

After discovering a flaw in its staking platform, multibillion-dollar blockchain gaming giant Illuvium has drained all the funds from a Uniswap pool in an effort to prevent an attacker from cashing out.

The drastic move is perhaps a novel step for a project seeking to mitigate the damage from the latest in a string of hacks, exploits and attacks that have long been rampant in decentralized finance (DeFi) and now appear to be bleeding into the “GameFi” movement.

In a tweet yesterday, the team initially said that while they had discovered a vulnerability, “no funds have been compromised” and that minting contracts had been temporarily paused.

We have found a vulnerability in our staking contracts, and as such, the eDAO has put a temporary pause on $sILV minting. The attack vector has been closed, and no funds have been compromised. This is purely a protection mechanism for the DAO. (1/2)

— Illuvium (@illuviumio) January 4, 2022

However, a record of transactions dating back to November shows a series of addresses with custom contracts consistently depositing a sum of ILV, Illuvium’s governance token, and then withdrawing a greater sum of staked ILV, or sILV, than the initial deposit, before rolling the proceeds to a new address.

Starting at 2 p.m. ET on Tuesday, the sILV/ETH Uniswap V3 pool was drained of all funds in a series of large transactions, temporarily pushing the trading price of sILV to 0.

In a message in the project’s official Discord server, co-founder Aaron Warwick wrote, “In order to stop a security flaw from being executed, we have had to take the step of rescuing the sILV pool.”

Warwick added on Discord that the team has “a backstop multisig that is able to mint in extreme circumstances.” The team used this multi-signature wallet, an address with specific in-protocol permissions that needs a majority of a group of signers to execute transactions, to mint tokens and sell them for ETH, rendering sILV worthless, as there is no ETH to swap the sILV for.

It’s currently unclear how much sILV the attacker was able to cash out as ETH before the team managed to drain the pool entirely.

“We were aware that the hacker was ready to sell all their sILV, and the amount they had would have completely drained the pool,” said Warwick in an interview with CoinDesk. “We attempted to beat them to it, and they got some and we got some.”

The team is already referring to compensation plans, writing on Discord, “As soon as we can get a snapshot of the true owners of sILV we will reimburse everyone.” Warwick declined to comment further on those plans.

Warwick also advised that users should not buy into any liquidity that is added to the Uniswap pool. ILV is down 0.8% on the day to $1,004.33.
