Hector Network Liquidation Redemption Contract Suspected to Be Attacked, Incurs Approximately $2.7 Million in Losses
User @0xBoboShanti claims that the redemption contract of Hector Network, a project in the Fantom ecosystem, appears to have been attacked, resulting in a loss of approximately $2.7 million. On January 15, Hector Network deployed a new contract to facilitate liquidation and transferred $11 million in assets from a multisignature address to the HectorRedemptionTreasury contract.
According to @0xBoboShanti, “To receive funds from HectorRedemptionTreasury, users need to call mintWithdraw(...) on the TokenVault contract. This will require: retrieving the user's redeemAmount from the recipientTokens mapping; calling the internal mintwithdraw(); minting an NFT in _mintWithdraw(); transferring the funds from HectorRedemptionTreasury to the user, and then destroying the NFT. There is a conditional check in _mintwithdraw(). Most notably, it requires the recipient to be present in the eligibleWallets mapping. So, how did users not in eligible wallets exchange $2.7 million? Why is their redeemAmount (obtained from the recipientTokens mapping) $2.7 million? This is because the deployer explicitly added this wallet to the mapping... Upon receiving USDC, this wallet rapidly exchanged 2.7 million USDC for 1100 ETH via UniswapX. 440 ETH was sent to a new wallet, and then 358 ETH was sent to 4 other new wallets. Shortly after, the Hector Network multisignature address called withdrawAll() on HectorRedemptionTreasury, returning the remaining 9 million USDC to the multisignature address. Since the wallet was explicitly added to the TokenVault contract by the deployer, the most likely explanation is a leaked private key or a rogue developer.”
Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.
South Korea: Upbit Investigated for Over 500,000 KYC Violations
MacBook Users with Intel Chips Urged to Update for Enhanced Security
Solana-Based Trading Terminal DEXX Hacked, Over $21M in User Losses
South Korea to Enforce 20% Crypto Tax in 2025 with Increased Exemption Limit
0.00