Security Breach in Hope Finance Project Results in $1.8 Million Losses

On February 21, according to the Beosin EagleEye security risk monitoring, early warning and blocking platform monitoring of Beosin, a blockchain security audi…

Security Breach in Hope Finance Project Results in $1.8 Million Losses

On February 21, according to the Beosin EagleEye security risk monitoring, early warning and blocking platform monitoring of Beosin, a blockchain security audit company, the Hope Finance project Rug Pull. The Beosin security team found that the attacker (0xdfcb) used the multi-signature wallet (0x1fc2) to execute the transaction of modifying the router address of the TradeHelper contract, so that when the GenesisRewardPool contract used the openTrade function for borrowing and lending, it called the TradeHelper contract SwapWETH function for swap, and did not swap through the original sushiswap router, but directly sent the incoming token to the attacker (0x957d) to gain profits. The attackers withdrew about $1.8 million twice.

Beosin: The attacker executed the transaction of modifying the router address of the TradeHelper contract by using the multi-signature wallet

Interpret the above information:


Beosin EagleEye security risk monitoring, early warning and blocking platform monitoring of Beosin, a blockchain security audit company, has revealed a security breach in the Hope Finance project resulting in a loss of $1.8 million. The attack was carried out by an attacker identified as 0xdfcb, who used the multi-signature wallet 0x1fc2 to modify the router address of the TradeHelper contract. This caused the GenesisRewardPool contract to use the SwapWETH function of the TradeHelper contract instead of the original sushiswap router, thereby sending the incoming token directly to the attacker’s wallet 0x957d, resulting in profits for the attacker.

This kind of attack is commonly known as a rug pull, wherein the attacker exploits a vulnerability in the smart contract system to drain funds from the community. The attack is carried out by creating a liquidity pool in a decentralized exchange, enticing users to invest, and then making the token worthless by selling off the entire pool at once.

The Beosin security team’s analysis of the attack shows the importance of having robust security measures in place when dealing with blockchain applications. It is crucial to employ measures such as automated vulnerability scanning, multi-factor authentication, and code audits to prevent such attacks.

The fact that the attacker was able to withdraw funds worth $1.8 million twice shows the severity of the breach and the need for continuous monitoring and surveillance in the blockchain ecosystem. The security breach could have been prevented if proper security protocols were in place, and the community needs to be vigilant and proactive in maintaining the security of the system.

In conclusion, the Beosin EagleEye security risk monitoring platform has identified a security breach in the Hope Finance project, resulting in a substantial loss of funds. This underscores the importance of employing robust security measures when dealing with blockchain applications to prevent such attacks. The incident also highlights the need for continuous monitoring and surveillance in the blockchain ecosystem as a whole.

This article and pictures are from the Internet and do not represent SipPop's position. If you infringe, please contact us to delete:https://www.sippop.com/2007.htm

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.