UvToken hacked for $1.45 million in latest crypto exploit

Quick Take

  • A multi-chain wallet project UvToken has lost $1.45 million in a smart contract exploit.
  • UvToken acknowledged the exploit, saying that its “staking project” was attacked.

Multi-chain crypto wallet UvToken has been hacked for 5,011 BNB tokens (1.45 million) and the funds have already been routed into sanctioned crypto mixer Tornado Cash. This comes amid a flurry of hacks and exploits this month, as October looks set to be a particularly bad month for DeFi projects.

The incident occurred on the BNB Chain blockchain on Thursday morning at around 1 a.m. ET time, as noted by security firms Ancilia and Peckshield.

UvToken acknowledged the exploit, saying that its "staking project" was attacked. It’s currently working with security teams to investigate the exploit. UvToken lets users stake the native token into a specific contract, which was targeted, PeckShield noted.

The attacker likely took advantage of the UvToken staking contract's failure to properly authenticate input data, PeckShield told The Block. The firm noted the contract may have contained a logic error that allowed the hacker to make a malicious call and seize the staked funds. 

The latest exploit represents another addition to the list of exploits that have plagued the crypto sector this month. So far in October, the crypto sector has witnessed a series of security exploits, including a $100 million hack of BSC Token Hub and a $114 million attack on Mango Markets, among several other incidents.


© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.