This Token on PancakeSwap “Fundamentally Flawed” with $1.9 Million Drained So Far


article image

Vladislav Sopov

Cybersecurity majors PeckShield noticed yet another multi-million-dollar flaw in DeFi contract; community suspects “inside job”

Contents

CF, a BSC-based asset of early-stage DeFi protocol “Creat Future,” contains a critical flaw in its design. It allowed a hypothetical insider to move CF tokens from their peers’ balances.

CF token allegedly rugged, $1.9 million lost

According to the announcement shared by Peckshield earlier today, on April 11, 2022, CFToken (CF) of “Creat Future” protocol has a critical bug in its smart contract.

The creator of the contract made one of its internal elements public. It allowed everyone to drain the wallets of other CF holders. The attack took place at around 6:00 a.m. (UTC).

So far, more than $1.9 million have been moved while the price of CF dropped 90% in almost no time. The token was listed by PancakeSwap (CAKE), the largest DEX on BNB Chain, in pairs with U.S. Dollar Tether (USDT) and Wrapped Binance Coin (WBNB).

DeFi enthusiasts on Twitter are sure that such a critical flaw could not appear in a smart contract by mistake:

Inside job, nothing new. (…) Self-hacked by dev.

Ronin Network hacker continues moving his loot

By press time, all social media accounts of the mysterious protocol are deleted. However, three hours before the exploit was found, automated services had announced the 130% spike in CF/USDT price on PancakeSwap.

Since the start of 2022, dozens of DeFi and GameFi protocols were attacked; aggregated losses might be eleven-digit.

As covered by U.Today previously, Ronin Network, a purpose-made sidechain for Axie Infinity top-notch GameFi ecosystem, was drained for $625 million.

The hackers are actively moving funds to Tornado Cash mixer, PeckShield claims.

Source: https://u.today/beware-this-token-on-pancakeswap-fundamentally-flawed-with-19-million-drained-so-far