An unknown hacker siphoned $3 million from Skyward Finance, a launchpad project on Near Protocol.
The Skyward Finance team acknowledged the exploit, explaining that the "Skyward Treasury has been drained through a contract exploit."
According to security firm BlockSec, the exploit was perpetrated in just one transaction. In this transaction, the hacker redeemed more than 1.1 million wrapped Near tokens ($3 million) in a loop from Skyward’s treasury contract.
The contract was open to the public and could be used by anyone who wanted to redeem Skyward Finance tokens for wrapped Near tokens.
BlockSec found a bug in the contract's token-redemption function that failed to check for duplicate token account IDs, the firm said in a statement shared with The Block.
The incident comes as crypto hacks continue to grow. Just last month, as many as 44 exploits accounted for more than $650 million in losses.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.