Fantasm_finance‘s collateral reserve pool has been exploited.

Fantasm_finance is a DeFi project aimed at developing and popularizing synthetic #tokens for the FantomFDN Ecosystem.

On March 10, it was reported that hackers attacking Fantasm Finance used the Ethereum privacy trading platform Tornado.cash .

Fantasm_finance collateral reserve pool has been exploited. The attacker’s able to mint way more $XFTM tokens than they are supposed to and has swapped all of the tokens to #ETH. Total loss is around ~$2,700,000 (1,000 ETH).

Attack Flow: 1.The attacker deployed an unverified contract: 0x944b58c9b3b49487005cead0ac5d71c857749e3e. 2. In the first tx, the attacker swapped $FTM to $FSM and called mint() function in contract 0x880672ab1d46d987e5d663fc7476cd8df3c9f937.

The attacker called collect() function and collected way more XFTM token than supposed to. The attacker repeated step 2 and 3 several times.

Reference:https://twitter.com/CertiKAlert/status/1501736711314890753

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
lunaray

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.