DeFi liquidity locker Team Finance exploited for $15 million

Team Finance has become the latest DeFi protocol exploited in October. The team confirmed the incident on Thursday, noting that $14.5 million in crypto tokens has been drained by hackers through a bug in its v2 to v3 migration function. However, blockchain security firm PeckShield claims the losses are higher.

Team Finance hacked for $15 million

In its report, PeckShield explained that the attackers exploited the migrate function to transfer real liquidity from Uniswap V2 to V3 with skewed prices. The manipulated price of assets enabled the hackers to receive a significant profit from the transaction. The statement precisely reads:

“The protocol has a flawed migrate() that is exploited to transfer real UniswapV2 liquidity to an attacker-controlled new V3 pair with skewed price, resulting in huge leftover as the refund for profit. Also, the authorized sender check is bypassed by locking any tokens.”

Four tokens’ trading pairs were affected in the attack to the tune of $15.8 million, according to the security platform. CAW (A Hunters Dream) saw the largest loss at $11.5 million, followed by Dejitaru Tsuka at $1.7 million, Kondux at $0.7 million, and Feg at $1.9 million. Team Finance is yet to confirm a fix for the vulnerability. 

Crypto hacks in October are alarming 

However, all activities of the protocol have been temporarily suspended “until we are certain this exploit has been remedied,” the team tweeted, adding that all the funds managed by Team Finance are not at risk. Team Finance manages about $3 billion in assets, per the Twitter description.

The number of protocols hacked in October is unprecedented and alarming. Earlier this month, Chainalysis reported that October was the worst month in crypto hacking, with about 11 protocols hacked for $718 million in total. This growing rate of attacks put 2022 on pace to become the worst year in history. 

Source: https://www.cryptopolitan.com/team-finance-exploited-for-15-million/