Avacash.Finance exploit: 640 AVAX stolen post mortem.

What happened?

  1. Used the flashloan feature to borrow the same amount of the pool denomination (ex. 100 AVAX)
    (Example of the first attack: https://snowtrace.io/address/0x35497a871810cb56b65b093723c21eebeda21572)
  2. While performing the flashloan, the attacker made a deposit of the same amount (ex. 10 AVAX). This made the Flashloan provider pass the security checks (initial balance = final balance)
  3. In a second transaction the attacker made a withdrawal using its secret note of the deposit made in step 2.

How was this possible?

Recovery assets mission.

Post-Exploit Compensation.

Who will be eligible?

  1. If the recovery assets mission works, we will refund your stolen assets.
  2. Compensate with $CASH tokens (and hence, change a bit the token distribution percentages), if this is the case, this will be announced before the token launching date (before December 20th).
  3. A combination of option 1 and 2.

The Future

--

--

--

Did you know that your entire Avalanche transaction history is public by default? Avacash.Finance invest your assets in DeFi protocols with 100% anonymity!

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Cogitate Launches Cyber Liability Solution Within Flagship Digital Edge Platform

What is VPN Tunnel and how it works?

Elliptic Curve Cryptography

RAILGUN Weekly Update, April 11, 2022

How to Swap and Trade on Pancake Swap with Trust Wallet or MetaMask

Best Way to Remove Go.mail.ru

Vmrc Plugin For Windows 10

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Avacash.Finance

Avacash.Finance

Did you know that your entire Avalanche transaction history is public by default? Avacash.Finance invest your assets in DeFi protocols with 100% anonymity!

More from Medium

A new 💫 🚀Roadmap🚀 for Privacy-focused Investments

We are happy to announce that we’ve pushed additional features to smoothen your experience on…

High Availability DRBD on RHEL 8

ORM Injection