ShadowFi Exploit Allows $300k Liquidity Drain, Massive Cryptocurrency Loss

ShadowFi, a privacy-focused crypto project, confirmed on Twitter that its DeFi protocol had been attacked. Peckshield, a prominent blockchain security firm, sounded the alarm and put the cost of the exploit at around $300,000.

How did the hack take place?

According to ShadowFi, an attacker drained its liquidity pool contract, leaving it with zero funds. Peckshield claims that the protocol was exploited due to flaws in the SDF token. Because of this vulnerability, anyone could burn the token without authorization.

Peckshield added that the hacker took around $300 thousand, or 1,078 $BNB. The blockchain security company identified the hacker as NeorderDAO. A spokesperson for the company said the hacker’s name was found in the company’s internal database.

Significant Cryptocurrency Losses Caused by Tornado Cash Use

Peckshield claims that the hackers deposited the looted funds into Tornado Cash. Tornado Cash has caused more harm than good for the cryptocurrency sector. Criminals have used the software to move funds out of compromised systems.

Since 2019, the program has been used to launder almost $7 billion from numerous cryptocurrency exchanges. Even the notorious North Korean hacking gang, Lazarus Gang, has used Tornado Cash to transfer around $455 million. Hackers also stole almost $96 million from Harmony Bridge using Tornado Cash.

Similarly, Nomad was able to wire $7.8 million thanks to the privacy app. On September 1st, KyberSwap was the target of an attack that caused damages of approximately $265,000. KyberSwap acknowledged the hack and said it was looking into what happened.

After this, the corporation promised the hacker a 10% reward for recovering the looted funds. In the wake of the KyberSwap attack, hackers turned their attention to the ShadowFi DeFi protocol.

Because of its widespread abuse, the US Treasury’s Office of Foreign Assets Control (OFAC) outlawed Tornado Cash last month. The OFAC has voiced its disapproval of privacy-protecting programs’ role in the compromise of several crypto networks. Because of the ban, reputable websites had to stop hosting Tornado Cash.

Despite the ban, hackers continue to use the program to transfer funds. Some in the bitcoin community were critical of the OFAC’s decision to prohibit Tornado Cash when it was first announced. Businesses that followed OFAC’s orders and stopped accepting Tornado Cash came under heavy criticism.

However, the continued usage of the anonymizing app by cybercriminals has made the OFAC’s decision to ban it seem reasonable.

ShadowFi guarantees to solve the problem

More and more often, authorities and stakeholders in the bitcoin industry find themselves the victims of hacks on cryptocurrency exchanges. US regulators included Tornado Cash in their ban to plug specific security holes that hackers exploit.

Nonetheless, Tornado continues to function despite the ban: the ShadowFi exploiter, the most recent to use the crypto mixer, has not yet been caught. Reports state that the exploiter traded about 8.4 SDF tokens for 1,078 BNB before switching to Tornado.

ShadowFi, for its part, says the group is committed to working toward a solution that benefits customers. According to the protocol, users are asked to be patient while the team works on the issue.
