CertiK: Rikkei Finance Attacked Due to Lack of Access Control on setOracleData Function

CertiK tweeted that Rikkei Finance was attacked due to a lack of access control on the setOracleData function. The attacker changed the oracle to a malicious contract, manipulated prices, and then borrowed funds to drain $USDC, $BTCB, $DAI, $USDT, $BUSD and $BNB from the contract in successive transactions. The attacker swapped all of those tokens for 2,671 $BNB (about $1.11 million) and then used Tornado Cash to transfer the $BNB out of his address.
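
The missing check described above, shown as an added example beside a hardened form. This is not Rikkei Finance's code: apart from the name setOracleData, every identifier (the contracts, `IPriceFeed`, `rToken`, `oracleData`, `admin`) and the function signature are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified contracts. Only the name setOracleData is from the article.
interface IPriceFeed {
    function latestAnswer() external view returns (int256);
}

// BEFORE: any account can repoint the price source used by a market.
contract UnguardedOracle {
    mapping(address => IPriceFeed) public oracleData;

    function setOracleData(address rToken, IPriceFeed feed) external {
        oracleData[rToken] = feed; // no check on msg.sender
    }

    function getPrice(address rToken) external view returns (int256) {
        return oracleData[rToken].latestAnswer(); // trusts whatever was set
    }
}

// AFTER: only the admin may change a feed; each change is validated and logged.
contract GuardedOracle {
    address public immutable admin;
    mapping(address => IPriceFeed) public oracleData;

    event OracleDataSet(address indexed rToken, address oldFeed, address newFeed);
    error NotAdmin();
    error InvalidFeed();

    constructor(address admin_) {
        admin = admin_;
    }

    function setOracleData(address rToken, IPriceFeed feed) external {
        if (msg.sender != admin) revert NotAdmin();
        if (address(feed).code.length == 0) revert InvalidFeed(); // also rejects address(0)
        emit OracleDataSet(rToken, address(oracleData[rToken]), address(feed));
        oracleData[rToken] = feed;
    }

    function getPrice(address rToken) external view returns (int256 price) {
        price = oracleData[rToken].latestAnswer();
        require(price > 0, "invalid price");
    }
}
```

The emitted event gives monitoring a single signal to alert on whenever a price source changes, which is the step that preceded the borrowing in this incident.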