CertiK tweeted that Rikkei Finance was attacked due to a lack of access control on function setOracleData. The attacker changed the oracle to a malicious contract, and then manipulated prices, borrowed funds to then drain $USDC, $BTCB, $DAI, $USDT, $BUSD and $BNB from the contract in successive transactions. The attacker swapped all of those tokens to 2,671 $BNB (about $1.11 million) and then used Tornado Cash to transfer those $BNB out of his address.
Source Metaverse
DeFi
Security Incidents
Get the most concise crypto news, research, and insights by subscribing to our free newsletter.
