Midas Capital - REKT 2



Midas can’t keep hold of their gold.

On Saturday, one of the lending protocol’s pools was exploited for $600k on BSC.

Midas Capital have found themselves on the rekt.news leaderboard for the 2nd time this year. Acknowledging the incident, the team stated they had “pre-emptively paused all pools”.

Last time we wrote:

It’s always a shame to report on losses in DeFi, but especially when they are down to already known issues, with simple workarounds.

Sadly, this exploit was also down to a known issue, having affected Hundred Finance in April. In what was also a 2nd entry, Hundred lost $7.4M on Optimism.

On Hundred’s first outing we wrote:

Forks upon forks create a house of cards…

When one fork falls, all others have to check their foundations.

When will they learn?

Credit: Peckshield, Ancilia, BlockSec

The exploit was made possible by a rounding vulnerability in the redeem counter, affecting interest rate calculation (as in April’s Hundred Finance incident).
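Why the rounding direction on redeem matters, as an added example that is not from the article or from Midas's contracts: a constructed share-accounting model that checks whether a redeem can ever pay out more underlying than the burned shares are worth. The Compound-style share model, the 1e18 scale, every function name and the pool numbers are assumptions made for illustration.

```python
# Added illustration: constructed share-accounting model, not Midas's contract code.
SCALE = 10**18  # fixed-point scale for the exchange rate (assumed)


def exchange_rate(cash: int, total_shares: int) -> int:
    """Underlying per share, scaled by SCALE and truncated like on-chain integer math."""
    return cash * SCALE // total_shares


def shares_floor(amount: int, rate: int) -> int:
    """Shares burned for `amount` underlying, rounded DOWN (favours the redeemer)."""
    return amount * SCALE // rate


def shares_ceil(amount: int, rate: int) -> int:
    """Shares burned for `amount` underlying, rounded UP (favours the pool)."""
    return -(-(amount * SCALE) // rate)


def shortfall(amount: int, burned: int, rate: int) -> int:
    """Underlying paid out beyond what the burned shares are worth; 0 means safe."""
    return max(0, amount - burned * rate // SCALE)


def worst_shortfall(cash: int, total_shares: int, convert) -> int:
    """Largest pool loss over every redeem amount the pool could pay out."""
    rate = exchange_rate(cash, total_shares)
    worst = 0
    for amount in range(1, cash + 1):
        burned = convert(amount, rate)
        if burned > total_shares:  # redeem would fail: not enough shares exist
            continue
        worst = max(worst, shortfall(amount, burned, rate))
    return worst


if __name__ == "__main__":
    # Constructed state: few shares backing much underlying, so one share is worth a lot.
    cash, total_shares = 1000, 3
    print("round down:", worst_shortfall(cash, total_shares, shares_floor))
    print("round up:  ", worst_shortfall(cash, total_shares, shares_ceil))
```

Teams maintaining a fork can run the same invariant (payout never exceeds the value of the shares burned) as a property test against their own conversion routine.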

On Wednesday, RSK-based Tropykus was hit by the same attack, leading to $150k in losses. As pointed out by Alexand39172242, the attacker, who was contacted by the Tropykus team, also funded the Midas attacker’s address.

Attacker’s address: 0x4b92cc3452ef1e37528470495b86d3f976470734

The attacker has deposited a portion of the stolen funds into Tornado Cash and bridged some to Ethereum.

DeFi is an interconnected web of composable protocols and forked code; the possibilities for innovation are limitless, and the opportunities for integration, endless.

But weaknesses, once discovered, instantly propagate through the ecosystem…

…sometimes finding their way into projects whose own devs are seemingly unaware, or don’t think to check.

Keeping on top of these incidents is crucial for anyone working on securing funds in such a complex and interdependent industry.

Our archive is just one click away…

