Coin Edition -
- A scammer attempted multiple times to steal over $1M from Swerve Finance.
- The hack failed as the scammer needed more tokens to execute proposals.
- MyAlgo has unveiled preliminary findings regarding the ongoing security breach.
Igor Igamberdiev, head of research at the well-known market maker Wintermute, recently detailed how a fraudster tried to carry out a governance attack on Swerve Finance, a decentralized finance (DeFi) platform.
Igamberdiev noted that the scammer attempted multiple times in the past week to steal over $1 million in various stablecoins from the protocol but failed due to the platform’s governance structure and the community’s actions.
1/10For more than a week, someone has been trying to carry out a governance attack on @SwerveFinance (a dead Curve clone) and steal $1M+ in various stablecoinsLet’s figure out why he didn’t succeed and also find out who the exploiter ishttps://t.co/ZYQ2bkrsPA— Igor Igamberdiev (@FrankResearcher) March 24, 2023
The researcher explained that Aragon powers Swerve Finance and that voters on the platform use veSWRV to execute proposals. While the attacker owns 495,000 veSWRV tokens, they needed 571,000 to implement proposals.
The tweets provided a timeline of the events that led up to the attack, including messages sent between different addresses, transfers of cryptocurrency, and attempts to create proposals to transfer ownership of the platform. Igamberdiev ultimately suggested that the owner of the “Silvavault” address, with @joaorcsilva username on Twitter, may have been the attacker.
Additionally, the researcher encouraged the community to help protect Swerve from future attacks by transferring ownership to the null address. The null address is an address that cannot be accessed or controlled by anyone, which can help prevent attacks by ensuring that ownership of the platform remains decentralized.
On the other hand, crypto wallet MyAlgo recently released preliminary findings of an ongoing investigation regarding a security breach on its wallet service last month.
1/ MyAlgo Incident: Summary of preliminary findingsThe preliminary investigation reveals that the attackers employed a MITM attack technique by exploiting the content delivery platform (CDN) to set up a malicious proxy.— MyAlgo (@myalgo_) March 20, 2023
According to the report, the attackers allegedly used a man-in-the-middle attack technique to exploit the content delivery platform (CDN) used by MyAlgo to set up a malicious proxy. MyAlgo claimed the proxy then modified the original code with harmful code, presenting a malicious version to users accessing the wallet.
The post Researcher Unveils Scammer Behind Failed Swerve $1M Governance Attack appeared first on Coin Edition.