<p><span style="font-weight: 400;">An unknown hacker siphoned $3 million from Skyward Finance, a launchpad project on Near Protocol. </span></p> <p><span style="font-weight: 400;">The Skyward Finance team</span> <a href="https://twitter.com/skywardfinance/status/1587947957789331457"><span style="font-weight: 400;">acknowledged</span></a><span style="font-weight: 400;"> the exploit, explaining that the "Skyward Treasury has been drained through a contract exploit." </span></p> <p><span style="font-weight: 400;">According to security firm BlockSec, the exploit was <a href="https://twitter.com/BlockSecTeam/status/1587998109648683010">perpetrated</a> in just</span> <span style="font-weight: 400;">one transaction</span><span style="font-weight: 400;">. In this transaction, the hacker <a href="https://explorer.near.org/transactions/92Gq7zehKPwSSnpoZ7LGGtSmgmBb4wP2XNDVJqUZRGqz">redeemed</a> more than 1.1 million wrapped Near tokens ($3 million) in a loop from Skyward’s treasury contract. </span></p> <p><span style="font-weight: 400;">The contract was open to the public and could be used by anyone who wanted to redeem Skyward Finance tokens for wrapped Near tokens.</span></p> <p><span style="font-weight: 400;">BlockSec found a bug in the contract's token-</span><span style="font-weight: 400;">redemption function</span><span style="font-weight: 400;"> that <a href="https://github.com/skyward-finance/contracts/blob/master/skyward/src/treasury.rs#L158">failed</a> to check for duplicate token account IDs, the firm said in a statement shared with The Block.</span></p> <p><span style="font-weight: 400;">The incident comes as crypto hacks continue to grow. Just last month, as many as 44 exploits</span> <a href="https://www.theblock.co/post/181511/hacktober-ends-with-3-billion-in-losses-year-to-date-peckshield"><span style="font-weight: 400;">accounted</span></a><span style="font-weight: 400;"> for more than $650 million in losses.</span></p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>