The Maiar DEX lives on the Elrond layer 1 blockchain. In early June 2022, the Maiar DEX and Elrond became part of an attack. The hacker got initially away with $1.65 million worth of Elrond. However, he dumped them on the Maiar DEX.
This causes the EGLD token to drop to $5 on Maiar. As a result, they halted the Maiar DEX. Let’s see and find out what happened during this attack.
The EGLD Hack
Twitter resident foudres.eth reported that he saw some unusual activity in three wallets. He is an on-chain analyst and editor for a French crypto site. He wrote a thread about what he could find out.
Furthermore, he notes that the hacker created the three wallets at the same time. They also received funds from Binance.
Now they deploy a smart contract and set it up to withdraw. See the pictures below.
Source: foudres.eth Twitter thread
The next step is to withdraw over, 1600k EGLD. That is around $108.8 million when we assume a $68 ELGD price. See picture below.
In total, the three wallets received 800k, 400k, and 450k EGLD. They now start to dump the EGLD and swap the EGLD for blocks of 200k USDC. In blue on the below picture. Time after time. They unwrap them to have USDC on ETH chain (Pink) and then bridge them (Green).
One of the accounts proceeded to make a unique UTK bridge. This is an Elrond bridge. This could well be an attempt to siphon more ELGD out of the DEX? …… That is the question here. Foudres can’t explain where the ELGD appears from. It seems to be ‘free money’. Eventually, he concludes that there is a loophole in a smart contract. It’s on the wEGLD <>EGLD smart contract.
However, in the meantime, back at the farm. The hacker starts to dump EGLD on Maiar at 22.08. Within 38 minutes, EGLD loses 92% of value on the Maiar DEX. On the other hand, other CEXs and DEXs don’t show any signs of EGLD price loss. As a result, though, Elrond decided to halt Maiar DEX. They put it in maintenance.
The Total Loss of the Hack
Foudres concludes that the loss was as follows.
From the 1.650 million EGLD:
- The hacker managed to launder 5.6 million USDC and 38k EGLD.
- However, 10 million USDC, 170k UTK, and 180k EGLD remain in 4 wallets.
Since you can only bridge UTK and USDC, he has a hard time figuring out where the ELGD came from. However, he finds the loophole on the wELGD < > ELGD smart contract.
In the meantime, the Elrond team hasn’t been sleeping. They missed out on their sleep, to fix the bug. Let’s find out what the Elrond team was up to.
How Did the Elrond Team React?
When all this was going on, Beniamin Mincu, the Elrond CEO, was traveling. He also wrote a Twitter thread, on how they reacted. Wherever he was, it was late, and he was about to get some shuteye. However, the real-time events caught up with him. It turned out to become an all-nighter. The midnight oil started to burn.
His team called him and reported they detected suspicious activity on the Maiar DEX. So, they quickly find out that things are not working as intended. They start to consider initiating an emergency protocol.
7/ INITIATE EMERGENCY PROTOCOL
Next 30-60 min we wake up more of the team, to begin a closer investigation on the issue during the night.
The Maiar DEX behavior was technically problematic.
Sufficiently problematic to necessitate immediate temporary pause for safety reasons.
— Beniamin Mincu 🔥🌓 (@beniaminmincu) June 6, 2022
In the next hour, more team members get a wake-up call. Their next step is to halt the Maiar DEX temporarily for safety reasons. They discovered a potential critical bug. It exposed an exploit area that needed urgent fixing.
They started a chain of three priorities;
- Understand the problem, limit the damage as fast as possible, and ensure safety.
- Define a solution and recovery plan.
- Execute solution and recovery plan. Prepare to resume activities once they solve the problem. Providing they properly execute the plan.
They worked all night and find a solution that dealt with the bug. Next thing, they proposed a new emergency mainnet upgrade. This received the thumbs up, and they put it in place.
This solved the bug and improved security. They also proposed another mainnet upgrade. The validators approved and adopted this as well. This increased security even more.
The next step meant to verify checks of all balances on the Maiar DEX and Bridge. As a result, they recovered most stolen funds. The Elrond foundation covered all other funds. In other words, all funds were safe and available at restart.
The Maiar DEX is up and running again on June 8. They first ran a variety of checks. Once the Maiar ELGD is the same as the price on Binance, they allow swapping again.
Maiar DEX full recovery is complete.
The DEX is now live. APIs are live. Exchanges are live.
*All funds are safe, all users are safe.*
Carefully monitoring everything during the next hours.
Super though 48 hours. Amazing efforts and support from the team, community, partners.
— Beniamin Mincu 🔥🌓 (@beniaminmincu) June 8, 2022
To sum up, this is a great all-out effort of the team. It shows dedication and a clear head. The team turned this around quickly. Deservedly, they receive many kudos on Crypto Twitter. Their swift action surely saved the day.
Details of the Progress
Beniamin posted a Twitter thread on all progress details. Some highlights include.
- They solved the bug.
- The team verified all balances.
- All user funds are available at restart.
- Everyone can access their accounts and check balances.
- They enabled full bridge function by now.
- Binance and other CEXs re-enabled EGLD deposits and withdrawals.
Both foudres.eth and Beniamin Mincu found out at almost similar times that something was not right on the Maiar DEX. We described from foudres perspective what he experienced and noticed.
The next step is that we showed how the Elrond team handled the situation. With their swift action, they managed to get the situation under control. Furthermore, they secured almost all the hacked funds. The Maiar DEX is up and running again and open for business.
⬆️For more cryptocurrency news, check out the Altcoin Buzz YouTube channel.
⬆️Find the most undervalued gems, up-to-date research, and NFT buys with Altcoin Buzz Access. Join us for $99 per month now.