In Brief:
- Fantom DeFi protocol Stake Steak has suffered an exploit.
- A hacker managed to mint large amounts of the protocol’s STEAK token.
- The team took full responsibility for the hack and announced that it will compensate users.
DeFi protocol Stake Steak has suffered an exploit that allowed a hacker to mint large amounts of the protocol’s STEAK token.
According to the post-mortem report, the hacker scraped a private key from one of the team's GitHub repositories, where it had been exposed for over 5 months. The team took full responsibility for the hack, calling it their mistake, and announced that it will compensate users.
The report gives further details: “The exploiters were able to gain access to the STEAK deployer account due to the private keys being visible on the initial commit 5/19 of the steak public contracts on github.”
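A key that was added in an initial commit stays readable in the repository history even if a later commit deletes it, so a check of the current files alone will miss it. The sketch below is an added example, not code from the Stake Steak team or its post-mortem: it parses `git log -p` text and reports which commit introduced a key-shaped value. The file path, variable name, commit ids and key are all constructed for illustration.

```python
import hashlib
import re

# Shape of a raw EVM private key: 64 hex chars, optional 0x prefix. Tx hashes
# share that shape, so a key-like word must also appear on the same line.
HEX_KEY = re.compile(r"\b(?:0x)?([0-9a-fA-F]{64})\b")
KEY_HINT = re.compile(r"key|secret|mnemonic", re.I)

def scan_history(log_text):
    """Parse `git log -p` text; report each commit that added a key-like value."""
    commit = path = None
    added, removed = {}, {}
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ b/"):
            path = line[6:]
        elif line.startswith(("--- ", "+++ ")):
            continue  # other file headers, not content
        elif line[:1] in ("+", "-") and KEY_HINT.search(line):
            for m in HEX_KEY.finditer(line):
                # Report a fingerprint so the scanner never echoes the secret.
                fp = hashlib.sha256(m.group(1).lower().encode()).hexdigest()[:12]
                side = added if line[0] == "+" else removed
                side.setdefault(fp, (commit, path))
    return [{"fingerprint": fp, "added_in": c, "path": p,
             "removed_in": removed.get(fp, (None, None))[0]}
            for fp, (c, p) in added.items()]

# Constructed sample, trimmed to the lines the parser reads (newest commit first).
FAKE_KEY = "0x" + "1a" * 32   # not a real key
FAKE_TX = "0x" + "2b" * 32    # same shape, but no key-like word on its line
NEW, OLD = "b" * 40, "a" * 40
SAMPLE_LOG = f"""\
commit {NEW}
    remove hardcoded key
--- a/deploy/config.js
+++ b/deploy/config.js
@@ -1,2 +1,2 @@
-const DEPLOYER_KEY = "{FAKE_KEY}";
+const DEPLOYER_KEY = process.env.DEPLOYER_KEY;
commit {OLD}
    initial commit
--- /dev/null
+++ b/deploy/config.js
@@ -0,0 +1,2 @@
+const DEPLOYER_KEY = "{FAKE_KEY}";
+// deploy tx {FAKE_TX}
"""
```

A finding with `removed_in` set still means the key is public: deleting it in a later commit does not revoke it, so the account has to be rotated.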
The first exploiter burned 140,823 STEAK tokens from the liquidity pool. The maximum STEAK supply of 5 million had been preminted. Because of this burn, the hacker was able to mint 140,823 STEAK from the compromised deployer account to the exploiter account. These STEAK tokens were then used to drain the LP pool, and the hacker came away with 80,636 FTM.
The second exploiter was then able to mint 30,000 more STEAK tokens. The hacker also took 18,386 fUSD-USDC LP, 9,719 USDC, and 387 FTM from the STEAK reserves. In total, the second exploiter took 81,351 USD in value.
According to the report, the Stake Steak development team wants to rename the protocol, and has put the decision to a community vote between two possibilities:
- Rename StakeSteak to Steak StableSwap, with a new token called Singularity.
- Rename StakeSteak to Singularity Swap, with the token named Singularity.
Stake Steak took to Twitter to warn users not to try to buy the dip by buying STEAK tokens. The team said it will take full responsibility for this exploit, build stronger architecture and processes, and turn Steak into a better protocol.
Recently, Compound Finance suffered an exploit and faced a loss of up to $84 million. The core developer of DeFi platform Yearn Finance called this the biggest-ever fund loss in a smart contract incident.