TheCryptoUpdates
Crypto Scams

Vestra DAO Suffers $480K Hack: On-Chain Analyst

Vestra DAO Suffers $480K Hack: On-Chain Analyst

In a stunning turn of events, the decentralized autonomous organization Vestra DAO has reportedly been hacked. The breach came to light when on-chain analysts noted suspicious transactions involving the DAO’s native ERC-20 token, VSTR. The tokens were seen being moved from smart contracts and immediately sent to the Tornado mixer, a platform known for its privacy services.

The loss incurred so far stands at $480K worth of tokens. Although the initial attack was relatively small, the risk remained for other participants. On-chain researcher Chaofan Shou was the first to detect the exploit, advising all users to immediately withdraw permissions.

The exploit has primarily targeted the VSTR token staking contract. The stolen tokens were promptly liquidated and sent to the Tornado mixer. In the case of VSTR, over 65% of the tokens are locked for governance, with a substantial count of over 34 billion tokens.

The smart contract affected by this hack held the remaining 755 million VSTR tokens, which is equivalent to 1.51% of the total supply. Despite the attack being against a relatively small pool of tokens, the subsequent market crash wiped out even more value from the project. For now, Vestra DAO may possess enough VSTR in its reserves to compensate users, while simultaneously grappling with the task of repairing its reputational damage.

In a more detailed analysis, it was found that the exploiter had waited for a month before exploiting a contract logic flaw. The attacker sold in haste, paying 0.51 ETH to Beaverbuild for priority inclusion in a block. For several hours, the exploiter sent spam transactions for 520K or 500K VSTR to the contract, eventually trading a total of $480K.

This attack exploited a logic flaw in the contract, which allowed the hacker to receive 20,000 VSTR after each transaction. On-chain analysis showed that the attacker had first staked VSTR to the contract 30 days ago, presumably studying the contract’s flaw before launching the automated series of transactions that extracted VSTR with each iteration of staking and unstaking.

Though Vestra DAO has not issued specific details of the attack, it claimed that user funds remained unaffected. However, the contract was drained of its VSTR tokens, which undeniably detracted value from the project.

Vestra DAO is a relatively new project, with VSTR tokens trading only since November 6. The token is currently only available in a Uniswap V3 trading pair. The DAO ran its very first proposal on October 14, and it involved selling 1 billion tokens from the project’s treasury.

The attack caused the VSTR token to crash from $0.013 to $0.005. It later inched up to $0.009 but remains extremely illiquid and volatile. The hack not only resulted in a direct loss but also wiped out half of VSTR’s market capitalization.

It is worth noting that, despite audits, smart contracts may not always be entirely secure and may hold exploit possibilities. In the case of Vestra DAO, the early-stage project may recover and bolster its reliability. Vestra DAO appealed to the Turkish crypto community, one of the most active groups of early adopters. The VSTR token even had a conversion price into Turkish lira. However, the recent events have certainly put a dent in its image and market value.

Related Articles

NEO Bug Allows Hackers to Steal Coins Remotely, Claims Tencent

Kesarwani

Winklevoss Brothers Sue Charlie Shrem Over $32 Million in Bitcoin

Kesarwani

Breakthrough in Crowd Machine Hacking Case- Two Suspects Arrested in Oklahoma

Kesarwani
Desktop Banner
Mobile Banner