On the brink of disaster – A decentralised finance (DeFi) protocol has narrowly averted a disaster following the discovery of a loophole in its smart contract. To protect the funds at stake from a malicious act, the Primitive Finance protocol’s own team temporarily hacked its own contracts.
Preventive hacking to avoid disappointment
Early on the morning of February 22nd, the entire Primitive Finance team was on high alert. The DeFi protocol was warned by the cybersecurity service Dedaub (specialized in blockchains) that its smart contract had a critical flaw, which exposed the funds put at stake by users.
As this smart contract could not be updated or suspended to avoid any risk of hacking, the Primitive Finance team exploited the flaw itself (a white-hat hack) in order to move the endangered funds into safekeeping.
🚨 EMERGENCY ALERT 🚨 @PrimitiveFi has whitehacked our contracts to safeguard user funds after a critical vulnerability was discovered. Further user action is required to safeguard funds 👇 - Go to ALERT🚨 - Reset all vulnerable approvals
A process for claiming these funds, taken for a good cause, will be set up and announced soon, so that each user can recover their funds.
A small part of the funds still exposed: we must act quickly
Be careful though! Primitive Finance reports in another tweet that, even if « 98% of the funds » could be recovered, the tokens in the wallets that approved the vulnerable contract are « still at risk ».
The protocol teams detail the steps users should take to protect their funds and recommend that they do so immediately:
Repeat the maneuver for each token displayed on the Primitive Finance user interface to protect all funds.
According to the first assessment of the situation presented on Primitive Finance’s blog, the flaw appears to be related to the infinite approvals granted to the vulnerable smart contract.
Note that the protocol, launched in December 2020, allowed liquidity providers to obtain returns on ether (ETH) and the DAI stablecoin in particular.
Although the protocol was audited by OpenZeppelin in August 2020, this flaw could have been fatal for it if the Primitive Finance team had not reacted quickly.
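To make the "reset all vulnerable approvals" advice concrete, here is an added example (not code from Primitive Finance or Dedaub) that replays ERC-20 Approval event logs and lists the wallets whose approval to a flagged contract has not been reset to zero. The addresses, the log entries and the names FLAGGED, make_log and live_approvals are constructed for illustration; only the Approval event topic is the standard ERC-20 value.

```python
# Added example; every address and log entry here is constructed sample data.
# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_approvals(logs, spender):
    """Return {(token, owner): amount} for approvals to `spender` not yet reset to 0."""
    spender = spender.lower()
    latest = {}
    # Replay in chain order so a later approve(spender, 0) overrides an earlier grant.
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        # ERC-721 emits the same signature with a third indexed field (4 topics); skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    return {key: amount for key, amount in latest.items() if amount > 0}

def describe(amount):
    return "unlimited" if amount == MAX_UINT256 else str(amount)

# Placeholder addresses (not real contracts or wallets).
FLAGGED, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b0" * 20

def make_log(token, owner, spender, amount, block, index):
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(TOKEN_A, ALICE, FLAGGED, MAX_UINT256, 16, 0),
    make_log(TOKEN_B, ALICE, FLAGGED, MAX_UINT256, 17, 3),
    make_log(TOKEN_B, BOB, FLAGGED, 500, 18, 1),
    make_log(TOKEN_A, BOB, OTHER, MAX_UINT256, 19, 0),   # different spender: ignored
    make_log(TOKEN_A, ALICE, FLAGGED, 0, 32, 2),          # Alice reset token A
]

if __name__ == "__main__":
    for (token, owner), amount in live_approvals(SAMPLE_LOGS, FLAGGED).items():
        print(f"{owner} still approves {describe(amount)} of {token}")
```

Event replay shows the last amount a wallet approved, not what remains after any transfers, so the authoritative check is the token's allowance(owner, spender) value read on-chain.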
At the time of writing, no malicious hacking of the remaining 2% of exposed funds has taken place. Primitive Finance users can therefore take a breather after this little scare. In fact, they should get their precious cryptos back soon.