SlowMist, which focuses on blockchain ecosystem security and has served major digital asset firms such as Huobi, OKEx, Binance, and imToken (with around 1,000 commercial customers), notes that, according to updates from the SlowMist Zone, the DeFi project Uranium on the Binance Smart Chain (BSC) was “hacked” with “a loss of 50 million U.S. dollars.”
The SlowMist security team claims that they “immediately intervened” in the analysis and have shared it here:
Attack analysis
As noted by SlowMist, this problem “occurred on the pair contract” of the Uranium project. In the swap function, “part of the contract logic” refers to the logic of PancakeSwap, a decentralized or non-custodial exchange (DEX) built on BSC.
The swap function allows users to lend funds via flash loans, SlowMist explained, adding that “when this function checks the contract balance according to the constant product formula, there is a problem of accuracy processing errors, resulting in the balance calculated in the final contract being 100 times larger than the actual balance of the contract.”
In this particular case, SlowMist explained, if the attacker happens to use a flash loan to borrow funds, they are only required to “return 1% of the loan amount to pass the inspection and steal the remaining 99% of the balance, resulting in project losses.”
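The effect of such a scale mismatch in a constant product check can be reproduced in a simplified model. The Python below is an added example, not code from the Uranium contract or from SlowMist; the scale constants, reserve figures and function names are assumptions chosen so that the balances appear 100 times larger, and swap fees are omitted.

```python
# Added illustration: simplified model of a pair contract's post-swap
# constant-product check. Fees are omitted; all numbers are constructed.
from fractions import Fraction

SCALE = 1000              # assumed fixed-point scale applied to the reserves
MISMATCHED_SCALE = 10000  # assumed scale wrongly applied to the balances
RESERVES = (1_000_000, 2_000_000)  # constructed pre-swap reserves


def k_check(reserves, balances, balance_scale, reserve_scale):
    """Accept the swap if the scaled balances satisfy x * y >= k."""
    r0, r1 = reserves
    b0, b1 = balances
    lhs = (b0 * balance_scale) * (b1 * balance_scale)
    rhs = r0 * r1 * reserve_scale ** 2
    return lhs >= rhs


def inflation_factor(balance_scale, reserve_scale):
    """How many times larger the check makes the balance product look."""
    return Fraction(balance_scale ** 2, reserve_scale ** 2)


def min_balance_accepted(reserves, balance_scale, reserve_scale):
    """Smallest token0 balance the check accepts when token1 is untouched.

    A sound check returns reserves[0]: everything lent out must come back.
    """
    r0, r1 = reserves
    lo, hi = 0, r0
    while lo < hi:  # binary search; k_check is monotonic in the balance
        mid = (lo + hi) // 2
        if k_check(reserves, (mid, r1), balance_scale, reserve_scale):
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for label, scale in (("consistent", SCALE), ("mismatched", MISMATCHED_SCALE)):
        needed = min_balance_accepted(RESERVES, scale, SCALE)
        print(f"{label}: inflation x{inflation_factor(scale, SCALE)}, "
              f"check passes with {needed} of {RESERVES[0]} token0 left "
              f"({100 * needed / RESERVES[0]:.0f}%)")
```

Asserting in a contract's test suite that the minimum accepted balance equals the full reserve catches this class of error before deployment.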
While sharing the summary of the incident, SlowMist noted:
“At present, Uranium official has issued a document confirming the theft, and recommends that users contact the official to calculate the loss. The SlowMist security team recommends that users pay attention to risks when participating in DeFi projects, participate cautiously, and choose reliable project parties that have undergone security audits to participate in DeFi to avoid financial losses.”
Reference link:
https://bscscan.com/tx/0x5a504fe72ef7fc76dfeb4d979e533af4e23fe37e90b5516186d5787893c37991
As noted in the update, SlowMist Technology is a company that specializes in blockchain or distributed ledger technology (DLT) ecosystem security. SlowMist has worked with various projects across the globe through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions.”
SlowMist’s security solutions include security audit, threat intelligence (BTI), bug bounty, defense deployment, security consultant, and various other services. SlowMist says it’s “equipped with cryptocurrency anti-money laundering (AML), false top-up scanner, vulnerability scanner, and vulnerability monitoring (Vulpush), hacked project archives (SlowMist Hacked), smart contract firewall (FireWall.X), Safe Staking and other SAAS security products.”