On March 10, it was reported that hackers attacking Fantasm Finance used the Ethereum privacy trading platform Tornado.cash .
Fantasm_finance collateral reserve pool has been exploited. The attacker’s able to mint way more $XFTM tokens than they are supposed to and has swapped all of the tokens to #ETH. Total loss is around ~$2,700,000 (1,000 ETH).
Attack Flow: 1.The attacker deployed an unverified contract: 0x944b58c9b3b49487005cead0ac5d71c857749e3e. 2. In the first tx, the attacker swapped $FTM to $FSM and called mint() function in contract 0x880672ab1d46d987e5d663fc7476cd8df3c9f937.
The attacker called collect() function and collected way more XFTM token than supposed to. The attacker repeated step 2 and 3 several times.