Beware: This Token on PancakeSwap “Fundamentally Flawed” with $1.9 Million Drained So Far


Cybersecurity majors PeckShield noticed yet another multi-million-dollar flaw in DeFi contract; community suspects “inside job”

CF, a BSC-based asset of the early-stage DeFi protocol “Creat Future”, contains a critical flaw in its design. This allowed a hypothetical insider to move CF tokens from their peers’ balances.

CF token allegedly rugged, $1.9 million lost

According to the announcement shared by Peckshield earlier today, on April 11, 2022, CFToken (CF) of “Creat Future” protocol has a critical bug in its smart contract.

The creator of the contract has made public one of its internal elements. It allowed everyone to empty the wallets of other FC holders. The attack took place around 06:00 (UTC).

So far, more than $1.9 million have been moved while the price of CF dropped 90% in almost no time. The token was listed by PancakeSwap (CAKE), the largest DEX on BNB Chain, in pairs with U.S. Dollar Tether (USDT) and Wrapped Binance Coin (WBNB).

DeFi enthusiasts on Twitter are sure that such a critical flaw could not mistakenly appear in a smart contract:

Inside job, nothing new. (…) Self-hacked by dev.

Ronin network hacker keeps moving his loot

As of press time, all of the mystery protocol’s social media accounts are deleted. However, three hours before the discovery of the exploit, the automated services had announced the 130% increase in the CF/USDT price on PancakeSwap.

Since the start of 2022, dozens of DeFi and GameFi protocols were attacked; aggregated losses might be eleven-digit.

As previously reported by U.Today, Ronin Network, a purpose-built sidechain for Axie Infinity’s premier GameFi ecosystem, has sold out for $625 million.

The hackers are actively moving funds to Tornado Cash mixer, PeckShield claims.


Read Previous

Crypto Market To Crash In June 2022, Bitcoin and Ethereum Price Might Drop To This Level

Read Next

Highlights April 11: Market bearish, KNC crashes top 100

Leave a Reply

Your email address will not be published. Required fields are marked *

Right Menu Icon