{"id":69203,"date":"2022-10-27T18:04:04","date_gmt":"2022-10-27T15:04:04","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=69203"},"modified":"2025-09-07T18:36:28","modified_gmt":"2025-09-07T15:36:28","slug":"hacker-siphons-15-8m-from-defi-protocol-team-finance","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-siphons-15-8m-from-defi-protocol-team-finance\/","title":{"rendered":"Hacker siphons $15.8m from DeFi protocol Team Finance"},"content":{"rendered":"<p>An unknown actor exploited a vulnerability in the DeFi protocol Team Finance and siphoned cryptocurrency assets worth $15.8 million.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">1\/ <a href=\"https:\/\/twitter.com\/TeamFinance_?ref_src=twsrc%5Etfw\">@TeamFinance_<\/a> was exploited in <a href=\"https:\/\/t.co\/9s5lLx7EOr\">https:\/\/t.co\/9s5lLx7EOr<\/a>,<br \/>leading to the loss of ~$15.8M for the protocol: $11.5M (V2_USDC_CAW)+$1.7M(V2_USDC_TSUKA)+0.7M(V2_KNDX_WETH)+1.9M(V2_FEG_WETH). <a href=\"https:\/\/twitter.com\/TrustSwap?ref_src=twsrc%5Etfw\">@trustswap<\/a> <a href=\"https:\/\/t.co\/7r1F0J6ATv\">https:\/\/t.co\/7r1F0J6ATv<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1585587858978623491?ref_src=twsrc%5Etfw\">October 27, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to PeckShield researchers, the attacker exploited a bug in the token migration function. 
He moved real liquidity from Uniswap V2 into new pairs on the protocol\u2019s third version with a skewed price, returning \u201chuge profits.\u201d<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">2\/ The protocol has a flawed migrate() that is exploited to transfer real UniswapV2 liquidity to an attacker-controlled new V3 pair with skewed price, resulting in huge leftover as the refund for profit. Also, the authorized sender check is bypassed by locking any tokens. <a href=\"https:\/\/t.co\/G2QVNU7DgU\">pic.twitter.com\/G2QVNU7DgU<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1585588528292954113?ref_src=twsrc%5Etfw\">October 27, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>To carry out the attack, he needed only 1.76 ETH worth about $2,730 at the time of writing. The attacker transferred the funds from the automated crypto-exchange FixedFloat.<\/p>\n<p>As a result, the unknown actor withdrew from Uniswap V2:<\/p>\n<ul class=\"wp-block-list\">\n<li>~$15.4 million in Hunters Dream (CAW) tokens;<\/li>\n<li>~$1.7 million in Dejitaru Tsuka (TSUKA);<\/li>\n<li>~$2.6 million in WETH.<\/li>\n<\/ul>\n<p>The Team Finance team confirmed the incident and said that the exploited function had undergone an audit. The developers began an investigation and invited the hacker to discuss returning funds in exchange for a bounty.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;We are temporarily suspending all operations through Team Finance until we are confident that the exploit has been fixed. 
All funds currently in the protocol are not at risk from this vulnerability,&#8221; the team said.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">We have just been alerted of an exploit on Team Finance. <br \/>We are currently unsure of the details. <br \/>We urge the exploiter to get in contact with us for a bounty payment<\/p>\n<p>We are working to analyze and remedy the situation at this very moment. <\/p>\n<p>More details to follow<\/p>\n<p>\u2014 Team Finance (@TeamFinance_) <a href=\"https:\/\/twitter.com\/TeamFinance_\/status\/1585562380591063043?ref_src=twsrc%5Etfw\">October 27, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier, on October 12, attackers drained the trading and lending DeFi platform Mango Markets of digital assets <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-stole-more-than-100-million-from-mango-markets-defi-platform\">worth about $116 million<\/a> by manipulating oracles. 
One of the attackers, Avraham Eisenberg, <a href=\"https:\/\/u1f987.com\/en\/news\/mango-markets-attacker-earns-another-100000-from-mango-inu-meme-token\">described the actions of the group<\/a> as a legitimate execution of a high-earning trading strategy.<\/p>\n<p>The Mango Markets community approved an agreement under which the hackers <a href=\"https:\/\/u1f987.com\/en\/news\/mango-markets-community-approves-47-million-deal-with-hacker\">will return $69 million<\/a> and keep $47 million as a bounty.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unknown actor exploited a vulnerability in the DeFi protocol Team Finance and siphoned cryptocurrency assets worth $15.8 million.<\/p>\n","protected":false},"author":1,"featured_media":69204,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-69203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"23","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/69203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=69203"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/69
203\/revisions"}],"predecessor-version":[{"id":69205,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/69203\/revisions\/69205"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/69204"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=69203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=69203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=69203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}