The decentralised finance (DeFi) protocol on the Fantom network – StakeSteak – crashed by 99% overnight as a result of an exploit discovered within its GitHub files.
A private key – which had been available for more than five months – was discovered within the publicly accessible files. The exploit caused the loss of 80,636 FTM and 81,351 USDC through two different accounts, equating to around $200,000.
In the debrief, the team discovered “the exploiters were able to gain access to the STEAK deployer account due to the private keys being visible on the initial commit 5/19 of the steak public contracts on GitHub”.
The hackers used a key that allowed them to mint around 170,000 new tokens into the pool which was limited to 5,000,000. They flooded the market and tanked the price within minutes.
Unlike previous hacks of altcoins, the StakeSteak exploit cannot be fixed quickly. With compromised private keys, the only way to recover will be when the team develops and deploys a new contract.
The developers intend to take a snapshot prior to the exploit and reimburse users when the replacement for STEAK tokens are released.
Concerningly, it seems as though investors saw the dip and bought in. Trading volume increased to 1,062% despite community attempts to stop this.
Don't buy Steak tokens guys. If the PKs are out in the wild then this token can't be resurrected unless a new one is deployed.
FYI. Buying the dip in this particular case isn't the move. https://t.co/cmUBj14b40
— Blockbytes Austin (@blockbytescom) October 4, 2021
The StakeSteak team will now have to develop a new token to resurrect the project. They have taken this opportunity to rebrand the new token as Singularity, moving away from the StakeSteak name.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.