BTC PULSE
No Result
View All Result
Play Now
No Result
View All Result
BTC PULSE
No Result
View All Result
Play Now
Home Blockchain

DeFi Platform Hacked, Users to be Compensated

by Darius Ngetich
Dec 26, 2022 - 12:00 am
in Blockchain
DeFi Platform Hacked

According to Rubic Protocol, on December 25, one of its routing contracts was breached, forcing them to suspend contracts until the issue is investigated. When the Rubic cross-chain decentralized finance (DeFi) protocol was hacked, money kept in its users’ addresses was taken out and sent to the hackers.

We're continuing to update you, Rubicans.
Our contract became compromised because the USDC address was whitelisted to interact directly with Rubic. We're investigating the reasons why, but it was required to work with some of our providers.

— Rubic (@CryptoRubic) December 25, 2022

The designers of the protocol also recommended that users utilize the revoke. Cash tool to cancel contract authorization. According to a Twitter thread from blockchain cybersecurity company PeckShield, a flaw in the Rubic protocol allowed money to be taken straight from the wallets that approved its smart contracts for $1.41 million.

Rubic @CryptoRubic is exploited (w/ ~$1.41M) https://t.co/ckAfQr9kgm
1,100 $ETH already into Tornado Cash from the exploiter https://t.co/yPkrC2hFCZ pic.twitter.com/25rLUcMbkf

— PeckShield Inc. (@peckshield) December 25, 2022

The money was sent to the exploiter address via transactions utilizing the stablecoin USD Coin (USDC) on the Uniswap decentralized exchange (DEX). According to PeckShied, the exploit was feasible when USDC was unintentionally added to compatible routers. A malicious contract usage was further made possible by “a lack of validation in ruterCallNative.”

How did this come to be?

This comes after another firm, LastPass, was previously hacked, adding to the many recent hacks being witnessed. The ruterCallNative function has several possible flaws, including invalidated input for the “_params” and “_data” arguments, according to a brief brilliant contract analysis using chatGPT. These may let an attacker send malicious information that might cause improper or undesired behavior.

Furthermore, an attacker may be able to construct a contract and have it executed by the RubicProxy agreement if the “_gateway” option given to the function is unrestricted.

The attacker employed a specially created smart contract in the attack. The 337 lines of code the attacker used to carry out the attack as effectively as possible are visible in the decoded bytecode.

The Uniswap protocol siphoned off just USDC and exchanged it for wrapped ethereum in the first two transfers to the hacker’s address, totaling 1,161.55 and 26.88 ethereum (ETH) (WETH). This WETH was transferred to Tornado Cash, an authorized on-chain mixer, to anonymize the illegally obtained monies.

The hacker’s address was the source of $1.45 million in incoming transactions submitted to the coin anonymization service, out of a total incoming value for the benefit of around $2.9 million. In other words, the exploiter sent around half of the assets to the mixer today.

Tags: DeFiPeckShieldUSDC
Darius Ngetich

Darius Ngetich

Darius Ngetich is a blockchain, crypto, and gaming enthusiast. He is also an animator, VFX Artist, and Game Developer, specializing in computers with vast experience in programs like Blender, Unity, and Unreal Engine. My passions are creating games and informing others about the latest developments in crypto, blockchain, and gaming.

Related Posts

Exterior view of the Czech National Bank building in Prague, symbolizing the institution’s financial strategies and innovation.

Bank of England Governor Says Stablecoins Could Reduce Reliance on Banks

October 1, 2025

Andrew Bailey says stablecoins could reduce UK reliance on commercial banks by separating money from credit, signaling a...

blockchain

Spacecoin Executes First Blockchain Transaction Through Space

October 1, 2025

Spacecoin has achieved the first-ever blockchain transaction through space using a nanosatellite, marking a milestone for decentralization and...

The headquarters of the Autorité des Marchés Financiers (AMF) Investor in Paris, France, the regulatory body warning investors against ByBit.

French Officials Pressured Telegram to Censor Moldova Election Posts: Durov

September 28, 2025

Pavel Durov revealed French intelligence pressured Telegram to censor Moldova election content in 2024, which he refused, citing...

Wall Street financial district with Bitcoin symbol representing institutional adoption

Bitcoin skepticism fades as nations gear up for adoption, says Samson Mow

September 28, 2025

Samson Mow predicts nation-states will move from skepticism to rapid Bitcoin adoption, fueling global FOMO and a rush...

View All
BTC-Pulse LogoTransparent

© 2024 BTC-PULSE. Disclaimer: The content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice.

Info

  • Learn
  • Price Prediction
  • Events
  • Press Releases
  • Sitemap

Company

  • About Us
  • Terms of Service
  • Privacy Policy
  • Contact Us
  • Advertise

News

  • Altcoins
  • Bitcoin
  • Ethereum
  • NFT
  • Regulation
  • WEB 3.0

©2024 BTC-PULSE – All right Reserved.

No Result
View All Result
  • About Us
  • Advertise
  • BTC-PULSE
  • Contact Us
  • Events
  • Privacy Policy
  • Sitemap
  • Terms of Service