Stader, a non-custodial smart contract-based staking platform, has published a report on the exploit that hit its platform on Tuesday. The protocol released the detailed report in a blog post published Wednesday on its handle. According to the report, the exploit began around 9:30 AM EST.
Stader noted in the report that a vulnerability in its NearX smart contract was exploited. It further stated that the hacker took advantage of the vulnerability to mint 20 Mn $NearX by relaying $NearX to his own address in a loop without any corresponding $NEAR staked against it. The protocol identified the hacker's address as “gregoshes.near.”
The hacker then used the minted $NearX to “drain all the $NEAR liquidity from Near<>NearX liquidity pools at Ref Finance & Jumbo Exchange by swapping the $NearX for $NEAR.” Stader announced that it has temporarily halted the NearX smart contract. The protocol also stopped all ongoing transactions of $NearX. These measures, as announced, limited the impact of the exploit on the smart contracts and on any transactions on the DEXs.
Stader says attackers stole ~165k
According to the report, the attacker siphoned ~165k NEAR through the exploit. Stader plans to assess the situation further to determine the exact amount of the funds. The protocol assured users that the ~2.5Mn $NEAR staked on the Stader dapp is safe, stressing that the attack only impacted $NEAR liquidity in the LPs.
Stader said it has deployed multiple smart contracts across seven blockchains. According to the protocol, the exploit appears limited to the NearX contract alone and has no impact on the other contracts on those blockchains. The staking platform also said it had prioritized the security of its contracts. Before the exploit, it reportedly had two-fold security in place on its NearX smart contract. Stader further said it remained the first staking liquidity protocol on NEAR to be successfully audited by two cybersecurity companies.
Stader also admitted that the exploit has exposed the need to upgrade its security. The staking platform now intends to launch a bug bounty program on the NearX contracts for white hat experts, in partnership with Immunefi. It also announced that it has hired security firms Halborn and BlockSec to investigate the exploit in depth. According to Stader, the two firms will also test the contracts. It has additionally secured the services of a law firm to take legal action on the issue. The protocol promised to update its users as the issue unfolds.