Cybersecurity majors PeckShield noticed yet another multi-million-dollar flaw in DeFi contract; community suspects “inside job”
CF, a BSC-based asset of the early-stage DeFi protocol “Creat Future”, contains a critical flaw in its design. This allowed a hypothetical insider to move CF tokens from their peers’ balances.
CF token allegedly rugged, $1.9 million lost
According to the announcement shared by Peckshield earlier today, on April 11, 2022, CFToken (CF) of “Creat Future” protocol has a critical bug in its smart contract.
The creator of the contract has made public one of its internal elements. It allowed everyone to empty the wallets of other FC holders. The attack took place around 06:00 (UTC).
So far, more than $1.9 million have been moved while the price of CF dropped 90% in almost no time. The token was listed by PancakeSwap (CAKE), the largest DEX on BNB Chain, in pairs with U.S. Dollar Tether (USDT) and Wrapped Binance Coin (WBNB).
DeFi enthusiasts on Twitter are sure that such a critical flaw could not mistakenly appear in a smart contract:
Inside job, nothing new. (…) Self-hacked by dev.
Ronin network hacker keeps moving his loot
As of press time, all of the mystery protocol’s social media accounts are deleted. However, three hours before the discovery of the exploit, the automated services had announced the 130% increase in the CF/USDT price on PancakeSwap.
Since the start of 2022, dozens of DeFi and GameFi protocols were attacked; aggregated losses might be eleven-digit.
As previously reported by U.Today, Ronin Network, a purpose-built sidechain for Axie Infinity’s premier GameFi ecosystem, has sold out for $625 million.
The hackers are actively moving funds to Tornado Cash mixer, PeckShield claims.