According to the Numen’s on-chain monitoring, the THOREUM project was attacked at Jan-19-2023 05:07:02 AM +UTC time.
The attacker profited 2260 BNB, roughly equivalent to $65,540 USD.
The attacker’s address: https://bscscan.com/address/0x1ae2dc57399b2f4597366c5bf4fe39859c006f99
The attacked Contract: https://bscscan.com/address/0x7d1e1901226e0ba389bfb1281ede859e6e48cc3d
The attack was simple, the attacker deposited BNB to gain WBNB, then used the swapExactTokensForTokensSupportingFeeOnTransferTokens function on Binance Smart Chain’s BiSwap to exchange it for THOREUM tokens, and then transferred the tokens to themselves.
It is suspected that there was a specific branch in the transfer that allowed for this to happen. Local simulation results match the call stack data.
The attack happened at block height 24912772 and because there have been multiple attacks, at block height 24910634 the project team changed the implementation logic of the THOREUM proxy contract.
The update contract transaction can be viewed at https://bscscan.com/tx/0x5a1788e1fbd582d1b89dc23fdf6cb7600c5ab07e4156b37cc3a6da27d5aa0349.
The update to the contract and the attack happened at a similar time, it is possible that the project team lost their private key. The total loss from this attack is estimated to be 2260 BNB. Numen is continuing to track the situation.
If you wish to audit and ensure that your projects are free from exploits such as these, please reach out to us here.
Numen Cyber Labs is committed to facilitating the safe development of Web 3.0. We are dedicated to the security of the blockchain ecosystem, as well as operating systems & browser/mobile security. We regularly disseminate analyses on topics such as these, please stay tuned or visit our blog here for more!