Unknown hackers stole $3 million from Skyward Finance, a Near Protocol launchpad project. Approximately 1.1 million NEAR tokens were drained from the project. The attack was noticed by a community member who goes by Near Scout.
The @skywardfinance was just exploited for ~1.1M $NEAR Tokens (Worth ~3M) . 😢
Thnx to @NearScout for noticing the treasury drain, he pinged me asking if something is wrong with skyward… then we looked into contract txns and found out about the exploit and sus txns.
— SankΞt Ⓝ⚡️| sanketn81.near ,sanketn81.lens 🛸 (@sanket_naikwadi) November 2, 2022
The Skyward Finance team acknowledged the exploit and stated, “Skyward Treasury has been drained through a contract exploit.”
According to the security company BlockSec, the exploit was carried out through a single transaction. In this transaction, the hacker redeemed more than 1,100,000 Near tokens wrapped in a loop from Skyward’s treasury contract for $3 million.
The contract was accessible to the public and could be used by anyone desiring to exchange Skyward Finance tokens for Near tokens.
The contract’s token-redemption function failed to check for duplicate token account IDs, according to a statement from BlockSec.
The incident occurs as the number of crypto hacks continues to rise. More than $650 million in losses were attributable to 44 exploits during the past month.