Tech

Sui DeFi Hit Again as $1.14M Is Drained in Perp Exploit

19 hours ago
Bitcoin Ethereum News

Aftermath Finance’s perps protocol was exploited for $1.14M on Sui. See how the attack unfolded and what the team is doing to recover.

Aftermath Finance confirmed an exploit on its perpetuals protocol on the Sui Network. Blockchain security firm Blockaid detected and flagged the attack in real time. 

The attacker drained roughly $1.14 million in USDC across 11 transactions. The entire drain took approximately 36 minutes to complete.

Related reading:

Another DeFi Blow: Volo Protocol Hit by $3.5M Hack, Freezes Vaults on Sui

How the Aftermath Finance Perps Exploit Unfolded

Blockaid identified the attacker’s address as 0x1a65086c85114c1a3f8dc74140115c6e18438d48d33a21fd112311561112d41e. 

According to Blockaid, the exploit targeted a bug in the perpetual clearing house fee accounting. This bug allowed the attacker to inflate synthetic collateral artificially. 

From there, the attacker withdrew funds directly from protocol vaults.

Aftermath Finance later clarified the root cause in a public update. The team stated the vulnerability came from allowing negative builder code fees to be set. 

That single flaw opened the door for the exploit to occur. The team confirmed that only the perps protocol was affected.

All other Aftermath Finance packages and products stayed safe. The team moved quickly to pause the protocol as a precaution. They stated they were taking steps to minimize any further impact on user funds.

Recovery Efforts and Industry Response

Aftermath Finance confirmed it is now working with several security partners on the response. Those partners include zeroShadow, Seal, Blockaid, and OtterSec. 

The teams are actively tracing the stolen funds. Aftermath Finance also stated it is pursuing every available law enforcement channel.

A patch to the affected contracts is currently under development, the team said. Further updates are expected as the investigation continues. The Mysten Labs team is also supporting the ongoing response effort.

The incident also drew a reaction from Bucket Protocol. The team noted that afSUI serves as collateral on their platform. 

As a precaution, Bucket Protocol set the afSUI mint cap to zero. The team confirmed that Bucket’s core contracts remain unaffected and all other markets stayed live.

Update: Mysten Labs and Sui Foundation Step In to Cover User Losses

Aftermath Finance provided an update shortly after the incident broke. Mysten Labs and the Sui Foundation pledged to cover all losses tied to the exploit. 

According to Aftermath Finance, every affected user will be made whole with zero losses. The team also confirmed the protocol will return to normal operations soon.

Aftermath Finance took the opportunity to clarify one important detail. 

The exploit was not a Move contract-language security issue. The vulnerability existed solely within the perpetual futures module’s fee logic. All other modules, including swap and staking, remained fully operational and unaffected throughout the incident.

The team credited Blockaid for its rapid detection and response during the attack. Coordination with zeroShadow, Seal, OtterSec, and Mysten Labs remained active as investigations continued. 

A patch targeting the negative fees bug is still in development. The bug had allowed phantom collateral creation and equity inflation, making the protocol vulnerable to the drain.

Source: https://www.livebitcoinnews.com/sui-defi-hit-again-as-1-14m-is-drained-in-perp-exploit/