Decoding Thoreum Finance Exploit | QuillAudits


About Thoreum Protocol:

The Root Cause:

On Chain Details:

Attacker’s Contract: 0x7d1e1901226e0ba389bfb1281ede859e6e48cc3d

Exploit txn: 0x5058c820fa0bb0daff2bd1b30151cf84c618dffe123546223b7089c8c2e18331

Contract Upgrade txn: 0x5a1788e1fbd582d1b89dc23fdf6cb7600c5ab07e4156b37cc3a6da27d5aa0349

Attack Steps:

  1. The Exploiter first funded his wallet(0x1ae2d) from FixedFloat’s Hot Wallet and deployed his exploit contract.

2. The attack was very simple, The attacker simply deposited BNB to gain WBNB. Then he swapped the WBNB Tokens for THOREUM tokens on BiSwap.

3. He called transfer function from the Thoreum contract and sent himself the tokens. He performed the transfer multiple times and due to the vulnerability his balance got increased each time.

4. The exploiter then converted all of the stolen tokens into BNB, amounting to approximately 2261 BNB.

After the Exploit:

The protocol announced a Report of the incident through Twitter.

Status of the Funds:

The attacker had $15 left in his wallet as of the time of writing this blog.

How could this incident have been avoided?

They should have conducted multiple audits by Reputable firms to ensure the security of the contract and that all potential vulnerabilities are discovered and resolved before deployment.

QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of millions in funds.

Web3 security- Need of the hour

Want more Such Security Blogs & Reports?

Partner with QuillAudits :



Smart Contract Auditing Experts , Making web3 a safer place .

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store