UvToken’s multi-chain wallet project lost $1.45 million due to a smart contract attack. UvToken confirmed the vulnerability and said that their “staking initiative” was compromised.
5,011 BNB tokens (1.45 million) were stolen from the multi-chain cryptocurrency wallet UvToken and transferred to the official crypto mixer Tornado Cash. This occurs as October is shaping up to be a rough month for DeFi initiatives, with several hacks and vulnerabilities already having occurred.
As reported by security companies Ancilia and Peckshield, the attack happened on the BNB Chain blockchain on Thursday at about 1:00 a.m. ET.
UvToken confirmed the vulnerability and said that their “staking initiative” was compromised. It is collaborating with security professionals to analyze the vulnerability. UvToken enables users to stake the native token in a targeted contract, PeckShield said.
PeckShield informed The Block that the attacker likely exploited the UvToken staking contract’s lack to properly verify input data. The company found a possible flaw in the contract’s logic that may have enabled the hacker to conduct a fraudulent call and steal the staked monies.
The current breach is the latest addition to a series of vulnerabilities that have plagued the cryptocurrency industry this month. Numerous security vulnerabilities have occurred in the cryptocurrency industry so far in October, including a $100 million hack of BSC Token Hub and a $114 million assault on Mango Markets, among others.