LendHub Hacked for $6Million
Its been a while since I did one of these, but I thought I'd give it a go as I wait for my electricity to come back on, but in today's YIYL, we take a look at the ever-failing DEFI/CEFI space, which is so full of security holes you're better off securing your life savings in a block of swiss cheese.
In the latest example of how you cannot trust these protocols, LendHub a Defi service built on the HECO or Houbi Chain fall flat on its face this past week and got hacked for 6 million dollars worth of tokens at today's deflated prices. Can you imagine that? After the entire market took an 80-90% haircut in the last year you still lost 6 million bucks, which could easily have been worth 80 million at peak, so don't let these numbers fool you, it's a big loss.
A token mix up
The reason the service got exposed was due to the existence of two lBSV tokens, one of which had been phased out but was regrettably not eliminated from the market, and someone figured it out and acted quickly.
As a result, there was a disparity between the old and new lBSV, resulting in different smart contracts but the same market pricing, allowed someone to acquire and the useless token and dump it at the price of the new token and make off with a considerable amount of free money.
Twitter keeps the receipts
In a Twitter thread released by LendHub, they stated that "hackers stole about 6 million US dollars of assets from Lendhub". They wrote that they had "locked the hacker's attack address", but whatever they meant by this was not enough to stop the thief from transferring 1,100 ETH (~$1,562,000) to Tornado Cash to tumble those funds and now they're free to do with it as they please.
Also, how are you decentralized when you can "lock people's addresses" second of all I thought code is law, if the code can execute it, then it should be allowed right? I thought this is what DEFI is all about, you pay for your mistakes.
https://twitter.com/LendHubDefi/status/1613846541651030018
SlowMist gives the painful details
Security firm SlowMist attributed the attack to a token that had been replaced with a new version, but whose original version remained active on the platform. So someone was clearly not paying attention in deactivating that smart contract and paid a pretty penny for that mistake.
In a twitter post SlowMist offer you a detailed break down of the shinanigans and where the funds are sitting before they got tumbled, if you feel like following the drama I recommend checking out this post.
https://twitter.com/SlowMist_Team/status/1613906600279900162
Talk about the price
As for their native shitcoin, LendHubs LHB token only does a 24-hour volume of $27,236 lol, so you really can't even trade in and out of this illiquid piece of garbage, so why anyone would hold this token is beyond me. Anyone who feld this token for more than a year already got completely obliterated considering that it is 99.98% down from its all-time high of $4.08
The token now trades for $0.0009873 and with the latest hack, pretty sure this project is dead and has zero chance of recovery.
Yet another reminder of why you shouldn't touch the toxic shitcoin space unless you want to lose all your money
Sources:
Have your say
What do you good people of STEEM think?
So have at it my Jessies! If you don't have something to comment, "I am a Jessie."
Let's connect
If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler
| Earn Free bitcoin & shop | Earn Free Bitcoin & shop | Claim Free Bitcoin & Shop |
|---|---|---|
 |  |  |