• bitcoinBitcoin (BTC) $ 117,873.00
  • ethereumEthereum (ETH) $ 3,791.50
  • xrpXRP (XRP) $ 3.13
  • tetherTether (USDT) $ 0.999780
  • bnbBNB (BNB) $ 805.01
  • solanaSolana (SOL) $ 181.28
  • usd-coinUSDC (USDC) $ 0.999812
  • staked-etherLido Staked Ether (STETH) $ 3,788.13
  • dogecoinDogecoin (DOGE) $ 0.223694
  • tronTRON (TRX) $ 0.338127
  • cardanoCardano (ADA) $ 0.782450
  • wrapped-stethWrapped stETH (WSTETH) $ 4,574.92
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 117,517.00
  • hyperliquidHyperliquid (HYPE) $ 43.41
  • suiSui (SUI) $ 3.81
  • stellarStellar (XLM) $ 0.420862
  • chainlinkChainlink (LINK) $ 17.82
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 4,072.46
  • bitcoin-cashBitcoin Cash (BCH) $ 563.78
  • hedera-hashgraphHedera (HBAR) $ 0.263657
  • wrapped-eethWrapped eETH (WEETH) $ 4,064.31
  • avalanche-2Avalanche (AVAX) $ 24.36
  • wethWETH (WETH) $ 3,792.05
  • leo-tokenLEO Token (LEO) $ 8.96
  • litecoinLitecoin (LTC) $ 108.52
  • the-open-networkToncoin (TON) $ 3.37
  • shiba-inuShiba Inu (SHIB) $ 0.000013
  • ethena-usdeEthena USDe (USDE) $ 1.00
  • usdsUSDS (USDS) $ 0.999754
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 1.00
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 117,910.00
  • whitebitWhiteBIT Coin (WBT) $ 44.03
  • uniswapUniswap (UNI) $ 10.29
  • polkadotPolkadot (DOT) $ 3.90
  • moneroMonero (XMR) $ 313.99
  • bitget-tokenBitget Token (BGB) $ 4.53
  • pepePepe (PEPE) $ 0.000012
  • crypto-com-chainCronos (CRO) $ 0.145195
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.19
  • aaveAave (AAVE) $ 282.08
  • daiDai (DAI) $ 0.999815
  • bittensorBittensor (TAO) $ 383.48
  • ethenaEthena (ENA) $ 0.570579
  • nearNEAR Protocol (NEAR) $ 2.72
  • ethereum-classicEthereum Classic (ETC) $ 21.74
  • pi-networkPi Network (PI) $ 0.428725
  • aptosAptos (APT) $ 4.58
  • ondo-financeOndo (ONDO) $ 0.958456
  • internet-computerInternet Computer (ICP) $ 5.45
  • okbOKB (OKB) $ 48.30
  • jito-staked-solJito Staked SOL (JITOSOL) $ 221.19
  • mantleMantle (MNT) $ 0.762876
  • kaspaKaspa (KAS) $ 0.095588
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.037996
  • binance-peg-wethBinance-Peg WETH (WETH) $ 3,798.92
  • algorandAlgorand (ALGO) $ 0.260350
  • bonkBonk (BONK) $ 0.000029
  • usd1-wlfiUSD1 (USD1) $ 0.999403
  • arbitrumArbitrum (ARB) $ 0.424493
  • vechainVeChain (VET) $ 0.025241
  • cosmosCosmos Hub (ATOM) $ 4.61
  • gatechain-tokenGate (GT) $ 17.56
  • render-tokenRender (RENDER) $ 3.93
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.221591
  • fasttokenFasttoken (FTN) $ 4.58
  • worldcoin-wldWorldcoin (WLD) $ 1.08
  • official-trumpOfficial Trump (TRUMP) $ 9.48
  • spx6900SPX6900 (SPX) $ 2.00
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.708250
  • sei-networkSei (SEI) $ 0.318859
  • skySky (SKY) $ 0.085455
  • binance-staked-solBinance Staked SOL (BNSOL) $ 192.96
  • susdssUSDS (SUSDS) $ 1.06
  • rocket-pool-ethRocket Pool ETH (RETH) $ 4,312.84
  • filecoinFilecoin (FIL) $ 2.57
  • flare-networksFlare (FLR) $ 0.024845
  • story-2Story (IP) $ 5.82
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 3,974.17
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 117,674.00
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 5.05
  • xdce-crowd-saleXDC Network (XDC) $ 0.099872
  • jupiter-exchange-solanaJupiter (JUP) $ 0.537541
  • usdtbUSDtb (USDTB) $ 0.999551
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 4,019.76
  • kucoin-sharesKuCoin (KCS) $ 11.32
  • mantle-staked-etherMantle Staked Ether (METH) $ 4,056.73
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 4,097.77
  • injective-protocolInjective (INJ) $ 14.10
  • usdt0USDT0 (USDT0) $ 0.999939
  • curve-dao-tokenCurve DAO (CRV) $ 0.988472
  • celestiaCelestia (TIA) $ 1.87
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.996788
  • nexoNEXO (NEXO) $ 1.32
  • optimismOptimism (OP) $ 0.725097
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 3,991.74
  • blockstackStacks (STX) $ 0.781395
  • polygon-bridged-usdt-polygonPolygon Bridged USDT (Polygon) (USDT) $ 0.999636
  • falcon-financeFalcon USD (USDF) $ 0.999642
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 117,562.00
  • flokiFLOKI (FLOKI) $ 0.000116
  • fartcoinFartcoin (FARTCOIN) $ 1.09
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 204.26
  • wbnbWrapped BNB (WBNB) $ 805.64
  • immutable-xImmutable (IMX) $ 0.561522
  • conflux-tokenConflux (CFX) $ 0.206344
  • ether-fi-staked-ethether.fi Staked ETH (EETH) $ 3,785.46
  • the-graphThe Graph (GRT) $ 0.102134
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 1.00
  • sonic-3Sonic (S) $ 0.307791
  • pump-funPump.fun (PUMP) $ 0.002808
  • dogwifcoindogwifhat (WIF) $ 0.984983
  • pancakeswap-tokenPancakeSwap (CAKE) $ 2.85
  • ethereum-name-serviceEthereum Name Service (ENS) $ 28.61
  • paypal-usdPayPal USD (PYUSD) $ 1.00
  • pax-goldPAX Gold (PAXG) $ 3,334.54
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 117,699.00
  • saros-financeSaros (SAROS) $ 0.357000
  • msolMarinade Staked SOL (MSOL) $ 237.94
  • syrupusdcSyrupUSDC (SYRUPUSDC) $ 1.11
  • lido-daoLido DAO (LDO) $ 1.04
  • kaiaKaia (KAIA) $ 0.159277
  • clbtcclBTC (CLBTC) $ 120,697.00
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 1.38
  • tezosTezos (XTZ) $ 0.849949
  • vaultaVaulta (A) $ 0.543662
  • theta-tokenTheta Network (THETA) $ 0.854891
  • tether-goldTether Gold (XAUT) $ 3,330.19
  • raydiumRaydium (RAY) $ 3.03
  • super-oethSuper OETH (SUPEROETH) $ 3,790.67
  • iotaIOTA (IOTA) $ 0.203562
  • mantle-restaked-ethMantle Restaked ETH (CMETH) $ 4,055.10
  • cgeth-hashkey-cloudcgETH Hashkey Cloud (CGETH.HASH) $ 3,916.27
  • jasmycoinJasmyCoin (JASMY) $ 0.016058
  • galaGALA (GALA) $ 0.016826
  • pyth-networkPyth Network (PYTH) $ 0.126551
  • the-sandboxThe Sandbox (SAND) $ 0.295894
  • pendlePendle (PENDLE) $ 4.37
  • aerodrome-financeAerodrome Finance (AERO) $ 0.815328
  • ousgOUSG (OUSG) $ 111.98
  • bittorrentBitTorrent (BTT) $ 0.00000071
  • jito-governance-tokenJito (JTO) $ 1.92
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.08
  • usdx-money-usdxStables Labs USDX (USDX) $ 0.997608
  • tbtctBTC (TBTC) $ 117,574.00
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 3,791.94
  • zcashZcash (ZEC) $ 40.54
  • flowFlow (FLOW) $ 0.394045
  • heliumHelium (HNT) $ 3.24
  • newton-projectAB (AB) $ 0.008522
  • walrus-2Walrus (WAL) $ 0.427151
  • stader-ethxStader ETHx (ETHX) $ 4,033.29
  • usual-usdUsual USD (USD0) $ 0.997632
  • morphoMorpho (MORPHO) $ 1.80
  • decentralandDecentraland (MANA) $ 0.301873
  • ripple-usdRipple USD (RLUSD) $ 0.999705
  • binance-peg-dogecoinBinance-Peg Dogecoin (DOGE) $ 0.224121
  • bitcoin-avalanche-bridged-btc-bAvalanche Bridged BTC (Avalanche) (BTC.B) $ 117,851.00
  • syrupMaple Finance (SYRUP) $ 0.473778
  • memecoreMemeCore (M) $ 0.339876
  • usddUSDD (USDD) $ 0.999631
  • solv-protocol-solvbtc-bbnSolv Protocol Staked BTC (XSOLVBTC) $ 117,061.00
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 3,792.10
  • mog-coinMog Coin (MOG) $ 0.000001
  • bitcoin-svBitcoin SV (BSV) $ 27.93
  • chain-2Onyxcoin (XCN) $ 0.016012
  • coinbase-wrapped-staked-ethCoinbase Wrapped Staked ETH (CBETH) $ 4,181.19
  • build-onBUILDon (B) $ 0.543285
  • beldexBeldex (BDX) $ 0.075822
  • coredaoorgCore (CORE) $ 0.535984
  • based-brettBrett (BRETT) $ 0.052821
  • ether-fiEther.fi (ETHFI) $ 1.21
  • keetaKeeta (KTA) $ 1.25
  • swethSwell Ethereum (SWETH) $ 4,150.27
  • reserve-rights-tokenReserve Rights (RSR) $ 0.008501
  • arweaveArweave (AR) $ 7.60
  • true-usdTrueUSD (TUSD) $ 0.997287
  • apecoinApeCoin (APE) $ 0.616219
  • thorchainTHORChain (RUNE) $ 1.40
  • telcoinTelcoin (TEL) $ 0.005341
  • apenftAPENFT (NFT) $ 0.00000049
  • wrapped-hypeWrapped HYPE (WHYPE) $ 43.33
  • neoNEO (NEO) $ 6.50
  • starknetStarknet (STRK) $ 0.127311
  • zebec-networkZebec Network (ZBCN) $ 0.005273
  • savings-daiSavings Dai (SDAI) $ 1.16
  • frax-etherFrax Ether (FRXETH) $ 3,779.60
  • dydx-chaindYdX (DYDX) $ 0.594044
  • compound-governance-tokenCompound (COMP) $ 47.62
  • aioz-networkAIOZ Network (AIOZ) $ 0.377278
  • polygon-pos-bridged-weth-polygon-posPolygon PoS Bridged WETH (Polygon POS) (WETH) $ 3,792.03
  • elrond-erd-2MultiversX (EGLD) $ 15.30
  • ecasheCash (XEC) $ 0.000022
  • sun-tokenSun Token (SUN) $ 0.022410
  • tokenize-xchangeTokenize Xchange (TKX) $ 5.31
  • wemix-tokenWEMIX (WEMIX) $ 0.936229
  • kavaKava (KAVA) $ 0.389819
  • treehouse-ethTreehouse ETH (TETH) $ 4,581.05
  • zksyncZKsync (ZK) $ 0.057951
  • dexeDeXe (DEXE) $ 7.33
Bitcoin

Vestra DAO (VSTR) smart contract exploited less than a month after its launch

By admin
0 36

Vestra DAO (VSTR) smart contract exploited less than a month after its launch

Vestra DAO appears to have been hacked. On-chain analysts noted suspicious activity where VSTR tokens, the protocol’s native ERC-20 token, were being moved from available smart contracts and immediately sent to the Tornado mixer.

At least $480K worth of tokens had been stolen at the time of the reports. While the initial attack was relatively small, the risk remained for other participants. On-chain researcher Chaofan Shou first noted the exploit, advising all users to withdraw permissions.

Vestra DAO @Vestra_DAO is hacked just now and still ongoing. $480K loss already and more to come. Withdraw your stake and pull liquidity immediately. pic.twitter.com/0b9i1lhrEw

— Chaofan Shou (@shoucccc) December 4, 2024

The exploit has affected the VSTR token staking contract, with the funds immediately liquidated and sent to the Tornado mixer. For VSTR, more than 65% of the tokens are locked for governance, with over 34B tokens.

The affected smart contract holds the remaining 755M VSTR tokens, making up 1.51% of the total supply. Despite the attack against a relatively small token, the subsequent market crash erased even more value from the project. For now, Vestra DAO may have enough VSTR in its reserves to compensate users, while trying to repair its reputational damage.

Exploiter waited for a month before exploiting a contract logic flaw

The exploiter sold in a rush, paying 0.51 ETH to Beaverbuild for priority inclusion in a block. Vestra DAO’s locked staking contract was affected, directly sending out VSTR tokens.

For hours, the exploiter sent out spam transactions for 520K or 500K VSTR to the contract, in the end, trading $480K in total. The attack exploited a logic flaw in the contract, which allowed the hacker to receive 20,000 VSTR after each transaction.

On-chain analysis showed that the attacker first staked VSTR to the contract 30 days ago, lurking and studying the contract’s flaw. Then, the automated series of transactions started extracting VSTR with each iteration of staking and unstaking.

The data checks on every deposit and withdrawal did not trigger any warnings, allowing the attacker to drain the contract over multiple deposit and withdrawal transactions. The contract checked the maturity only once, but the hacker had completed the requirement by staking 30 days ago.

The result of the exploit was a haul of 125 ETH, which was mixed through Tornado Cash. The attacker spent $40K on Ethereum gas for the fastest possible swaps, briefly becoming the biggest gas user on the chain.

Vestra DAO has not issued the specifics of the attack and claimed user funds remained unaffected. However, the contract was drained of its VSTR tokens, clearly taking value from the project.

VSTR tokens hacked a month after trading launch

Vestra DAO is a relatively new project, with VSTR tokens trading since November 6. The token is only available in a Uniswap V3 trading pair.

The DAO ran its very first proposal on October 14, and it was tied to selling 1B tokens from the project’s treasury. The VSTR token still has only 1,643 holders, adding to the limited effect of the hack.

The token immediately crashed after the attack, from $0.013 to $0.005. Later, VSTR inched up to $0.009 but remains extremely illiquid and volatile. In addition to the direct loss, VSTR also wiped out half its market capitalization.

At this point, VSTR may be even riskier than early-stage meme tokens. The biggest risk is that VSTR tokens only have $1.9M in liquidity, which is not locked and can be further exploited via a rug pull.

Vestra DAO (VSTR) smart contract exploited less than a month after its launch

Vestra DAO (VSTR) still relies on a Uniswap V3 pair, while its liquidity is unlocked and at risk for a rug pull. | Source: DexScreener

The other risk for the project is that its contracts invoke functions from external smart contracts, leading to a general warning on CoinGecko. Vestra DAO claimed it had blacklisted its staking contract, but it is unknown if similar vulnerabilities exist for other smart contracts.

Even for audited projects, smart contracts may not always be entirely secure and may hold exploit possibilities. In the case of the VestraDAO, the early-stage project may recover and boost its reliability.

Vestra DAO appealed to the Turkish crypto community, one of the most active groups of early adopters. The VSTR token even had a conversion price into Turkish lira.

Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap

Source

admin 17186 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.

Verified by MonsterInsights