Skyward Finance suffers $3 million exploit on Near Protocol

Quick Take

  • Skyward Finance, a launchpad on Near Protocol, was drained for $3 million in wrapped Near tokens.
  • The hacker exploited a bug in a smart contract used by Skyward Finance to maintain its treasury.

An unknown hacker siphoned $3 million from Skyward Finance, a launchpad project on Near Protocol. 

The Skyward Finance team acknowledged the exploit, explaining that the "Skyward Treasury has been drained through a contract exploit." 

According to security firm BlockSec, the exploit was perpetrated in just one transaction. In this transaction, the hacker redeemed more than 1.1 million wrapped Near tokens ($3 million) in a loop from Skyward’s treasury contract. 

The contract was open to the public and could be used by anyone who wanted to redeem Skyward Finance tokens for wrapped Near tokens.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

BlockSec found a bug in the contract's token-redemption function that failed to check for duplicate token account IDs, the firm said in a statement shared with The Block.

The incident comes as crypto hacks continue to grow. Just last month, as many as 44 exploits accounted for more than $650 million in losses.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Adam James at
[email protected]