Hackers steal $42M from Fenbushi Capital founder’s wallet💰

In brief⚡

Events Under the Spotlight💥

The numbers Protocol (NUM) token project on the ETH chain fell for a hack.

• An attack on the Numbers Protocol (NUM) token project on the ETH chain resulted in a profit of around 13,836 US dollars for the attacker.
• The attack contract (0xa68cce) is created by the attacker as a malicious anyToken token, and its underlying token points to the NUM token address;
• The NUM token lacks a permit function and has a callback function, which makes it possible to trick the cross-chain bridge and cause the user’s assets to be transferred unexpectedly. This is the major reason for the attack.
• The Router contract of the Multichain cross-chain bridge should then be called to invoke anySwapOutUnderlyingWithPermit.
• However, since the NUM token contains a callback function and no permit function, even if the attacker submits a fake signature, the transaction will proceed smoothly, and the NUM token at the victim’s address can ultimately be moved to the designated attack contract middle;

• The attacker then converted the profitable NUM tokens into USDC via Uniswap, then profitably into ETH;

Fenbushi Capital’s founder Wallet Hacked.

• Hackers steal $42 million from the wallet of Fenbushi Capital’s founder.
• A total of 42 million dollars in crypto assets, including 38 million dollars in USDC, were stolen from his wallet ending in 894.
• According to Shen, the most stolen cryptocurrency was $38 million in USDC; other stolen assets included Tether (USDT), Bitcoin (BTC), and Ethereum (ETH).
• In his tweet, he stated that the stolen assets were personal funds with no bearing on Fenbushi-related entities.

The AurumNodePool lost 50BNB to a hack.

• The AurumNodePool contract $AUR was targeted for approximately 50 $BNB ($14,538.04).
• The changeRewardPerNode function in the contract was not validated, allowing an attacker to set arbitrary values by calling it.
• The hacker uses the changeRewardPerNode function to increase the daily reward value to an extremely large number before claiming the node reward with claimNodeReward.
• The calculation of node reward is based on the hacker’s rewardPerDay value, resulting in a highly calculated reward.
• The hacker uses the changeRewardPerNode function to increase the daily reward value to an extremely large number before claiming the node reward with claimNodeReward.
• The calculation of node reward is based on the hacker’s rewardPerDay value, resulting in a highly calculated reward.

• Trending Blog of the Week🚀

Thanks for reading HashingBits! Subscribe for free to receive new posts and support our work.