In the latest Altcoin News, the decentralized finance (DeFi) lockup protocol Team Finance announced that approximately $15 million in tokens were exploited on its platform via the Uniswap v2 to v3 migration function. The hacker transferred liquidity from Uniswap v2 assets on Team Finance to an attacker-controlled v3 pair with skewed pricing, according to blockchain security firm PeckShield. By tying tokens to the contract, the attacker avoided existing validation mechanisms and pocketed the massive leftovers as a profit refund. FEG Token’s FEGeth was one of the tokens affected by the exploit.
The team has currently suspended all Team Finance activity until it is determined that this vulnerability has been fixed.
Team Finance has become the latest DeFi protocol to be exploited in October. The team confirmed the incident early Thursday. However, blockchain security firm PeckShield claims the losses were higher.
PeckSheild Reports Higher Losses
In its report, PeckShield explains that the attackers used the migration feature to move real liquidity from Uniswap V2 to V3 at distorted prices. The manipulated asset prices allowed the hackers to make substantial profits from the transactions. Peckshield claimed that the protocol has a flawed migration feature that was exploited to transfer real UniswapV2 liquidity to a new V3 pair controlled by the attacker with a skewed price, resulting in a huge surplus as a profit refund. In addition, authorized sender checks were bypassed by locking tokens.
According to the security platform, the attack affected trading pairs of four tokens by $15.8 million. CAW (A Hunters Dream) had the largest loss at $11.5 million, followed by Dejituru Tsuka at $1.7 million, Kondux at $700,000, and FEGeth at $1.9 million. Team Finance has not yet confirmed a fix for the vulnerability.
According to the Twitter account, Team Finance manages about $3 billion in assets.
There has been an overwhelming amount of blockchain news relating to protocol exploits in October. Earlier this month, Chainalysis reported that October was the worst month for cryptocurrency hacks, with approximately 11 protocols hacked, totalling $718 million. This growing rate of attacks makes 2022 the worst year in industry history.
FEG Affected By Exploit
FEG (Feed Every Gorilla) took to Twitter to notify users of the exploit. In the thread, FEG clarified that its FEGbsc, which is also managed by Team Finance, is safe. However, its FEGeth was one of the tokens affected by the exploit.
FEG went to provide the transaction details in Etherscan and stated that Team Finance had already set a bounty to fix the exploited code.
FEG stated, “Our next steps are to work closely with Team Finance to understand in more detail the event(s) that transpired, root cause analysis, how to resolve the current loss of liquidity of FEGeth.”