Facebook Twitter Instagram
    Crypto AcademyCrypto Academy
    • Home
    • News
    • Price Predictions
    • Price Analysis
    • NFTs
    • Learn
    • Press Releases
    • Coins
      • Bitcoin
      • Ethereum
      • Cardano
      • Safemoon
      • Dogecoin
    • Advertise on Crypto Academy
    Facebook Twitter Instagram Telegram
    Crypto AcademyCrypto Academy
    Home»News»Rubic Exchange Hack – Over $1.4M Lost
    News

    Rubic Exchange Hack – Over $1.4M Lost

    Rea K.By Rea K.December 25, 2022Updated:December 25, 20222 Mins Read
    Rubic Exchange Hack - Over $1.4M Lost
    Share
    Facebook Twitter LinkedIn Email Reddit Telegram WhatsApp

    Rubic is a cross-chain DEX aggregator which allows users to trade native tokens via the RubicProxy contract’s routerCallNative function. It will first determine whether the target Router of the necessary call entered by the user is on the protocol’s white list before redeeming.

    The multi-chain exchange protocol was hacked, according to PeckShield’s monitoring, causing a loss of more than $1.4 million. 1,100 ETH were transmitted to the Tornado Cash mixing protocol by the attacker.

    Dear Rubicans,
    One of our routing contracts might be compromised. All contracts will be stopped until we understand the situation fully. Please don't use https://t.co/rDZSZrTUTe.
    Revoke https://t.co/F8QMpyd517
    ASAP via https://t.co/hwLI2Cwkt1

    — Rubic (@CryptoRubic) December 25, 2022

    According to the SlowMist security team, the biggest reason for the attack was that the protocol improperly put USDC coins into the Router whitelist, which led to the theft of USDC tokens from users who were authorized to utilize the RubicProxy contract.

    2. The attacker address:https://t.co/fcyeNlSigh

    — Hacken🇺🇦 (@hackenclub) December 25, 2022

    Only after the whitelist check, the user-supplied target Router will be called, together with the user-supplied calling data. Unfortunately, USDC coins have also been added to the Router whitelist of the Rubic protocol, which enables any user to call USDC tokens arbitrarily using the RubicProxy contract.

    As a consequence, malicious users take advantage of this flaw by utilizing the routerCallNative function to contact the USDC contract and the transferFrom interface to get USDC tokens from users who are authorized to utilize the RubicProxy contract on their behalf.

    Previous ArticleBinance To Raise Funds With Warren Buffet’s Berkshire Hathaway
    Next Article Mark Cuban Defends Bitcoin – Investing in Gold is ‘Dumb’

    Related Posts

    Gemini To Base European Operations in Dublin

    FBI Warns of Crypto Human Trafficking Rings in Asia

    Miami Mayor Francis Suarez Converts His Full Salary To Bitcoin

    Facebook Twitter Instagram Telegram RSS
    • Home
    • Advertise on Crypto Academy
    • Terms and Conditions
    • Privacy Policy
    © 2023 Crypto-Academy.org. All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Go to mobile version