El Dorado Exchange attacker returns over $400k after team admits code vulnerabilities
The EDE Finance team has fixed the vulnerabilities and offered the exploiter 5% of its team's token to fix other issues.
An attacker targeting DeFi protocol El Dorado Exchange (EDE Finance) has returned over $400,000 worth of USDC and USDT after the project admitted that it made an “ill-advised decision to manipulate the price.”
Earlier today, the decentralized exchange (DEX) protocol was exploited for around $580,000, according to security firm PeckShield, which specializes in monitoring and analyzing suspicious activity on blockchain networks.
Following the news, the EDE token was down 14% to $0.5767 at the time of writing, according to CoinMarketCap data.
How EDE was exploited
A May 30 analysis from Numen Cyber Labs showed that the attacker manipulated the prices of the tokens on the DEX.
The attacker exploited a function within the protocol’s closed-source Oracle contract after invoking the “func_147d9322” function. According to Numen Cyber Labs, these actions allowed the attacker to manipulate the token prices and effectively exploit the project.
Meanwhile, the project’s auditor LunaraySEC said the exploited vulnerabilities were not within the scope of its initial audit, adding that the EDE Finance team has “identified and fixed” the issue.
EDE attacker nets $100k
On-chain data shows that the DEX attacker gained $104,000 after returning 86,222 USDT and 333,948 USDC of the stolen funds.
According to on-chain messages, the attacker alleged the project’s team inserted a backdoor that would have allowed them to liquidate their users and steal their funds.
“The developers implemented a backdoor that allowed them to force liquidate any position they desired. This malicious activity involved intentionally signing incorrect prices to manipulate users’ positions and steal their funds. To stop this attack on users, a white hat was initiated to bring this issue to light.”
The attacker wrote that if the team admitted to this malicious activity, they would return the funds and “bring to light additional vulnerabilities that exist.”
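The failure mode described in the attacker's message, a privileged signer pushing an arbitrary price to force-liquidate positions, is the kind of thing a price feed can be designed to refuse. The following is an added example, not code from EDE Finance, Numen Cyber Labs or any party on this page. It models a hypothetical keeper-signed price feed in which every update must carry a valid signature (HMAC stands in here for an on-chain signature scheme), be fresh, and stay within a bounded deviation of the last accepted price; the limits, asset, prices and position figures are all constructed for the demonstration.

```python
"""Constructed model of a signed price feed with sanity bounds.

Added example, not the project's own code. Assumptions: a single trusted
keeper key, a 5% per-update deviation cap, a 60-second staleness window,
and HMAC-SHA256 as a stand-in for on-chain signature verification.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

DEVIATION_LIMIT_BPS = 500  # max 5% move per accepted update (assumed policy)
MAX_STALENESS = 60         # seconds an update may lag the chain clock (assumed policy)
PRICE_SCALE = 10**8        # prices are fixed-point with 8 decimals


@dataclass(frozen=True)
class PriceUpdate:
    asset: str
    price: int       # scaled by PRICE_SCALE
    timestamp: int   # unix seconds at signing time
    tag: bytes       # authentication tag over (asset, price, timestamp)


def _message(asset: str, price: int, timestamp: int) -> bytes:
    return f"{asset}:{price}:{timestamp}".encode()


def sign_update(key: bytes, asset: str, price: int, timestamp: int) -> PriceUpdate:
    """What an honest keeper (or a malicious one) produces off-chain."""
    tag = hmac.new(key, _message(asset, price, timestamp), hashlib.sha256).digest()
    return PriceUpdate(asset, price, timestamp, tag)


class BoundedOracle:
    """Accepts keeper updates only if signed, fresh and within the deviation cap."""

    def __init__(self, signer_key: bytes, initial: dict[str, int]):
        self._key = signer_key
        self._prices = dict(initial)

    def submit(self, upd: PriceUpdate, now: int) -> str:
        expected = hmac.new(self._key, _message(upd.asset, upd.price, upd.timestamp),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, upd.tag):
            return "rejected: bad signature"
        if upd.timestamp > now or now - upd.timestamp > MAX_STALENESS:
            return "rejected: stale"
        last = self._prices[upd.asset]
        deviation_bps = abs(upd.price - last) * 10_000 // last
        if deviation_bps > DEVIATION_LIMIT_BPS:
            # A signer cannot move the price far enough in one step to wipe out
            # healthy positions; a real move must arrive over several updates.
            return "rejected: deviation"
        self._prices[upd.asset] = upd.price
        return "accepted"

    def price(self, asset: str) -> int:
        return self._prices[asset]


def is_liquidatable(oracle: BoundedOracle, asset: str, collateral_units: int,
                    debt_usd: int, liq_threshold_bps: int) -> bool:
    """Position is liquidatable when threshold-adjusted collateral < debt."""
    collateral_value = collateral_units * oracle.price(asset) // PRICE_SCALE
    return collateral_value * liq_threshold_bps // 10_000 < debt_usd


def demo() -> dict:
    key = b"constructed-keeper-key"  # constructed secret for the example
    oracle = BoundedOracle(key, {"ETH": 2000 * PRICE_SCALE})
    now = 1_000_000
    out = {}
    # 1. Honest 2.5% move, fresh and correctly signed.
    out["small_move"] = oracle.submit(sign_update(key, "ETH", 1950 * PRICE_SCALE, now - 5), now)
    # 2. Signer tries to push a ~38% drop to force liquidations.
    out["forced_drop"] = oracle.submit(sign_update(key, "ETH", 1200 * PRICE_SCALE, now - 5), now)
    # 3. Replay of an old update.
    out["stale"] = oracle.submit(sign_update(key, "ETH", 1900 * PRICE_SCALE, now - 600), now)
    # 4. Update signed with the wrong key.
    out["bad_sig"] = oracle.submit(sign_update(b"wrong-key", "ETH", 1900 * PRICE_SCALE, now - 5), now)
    out["price"] = oracle.price("ETH")
    # 1 ETH of collateral against 1500 USD of debt at an 85% threshold.
    out["liquidatable"] = is_liquidatable(oracle, "ETH", 1, 1500, 8500)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The deviation cap does not make a malicious signer harmless (a string of small moves can still walk the price), so in practice it is paired with a second independent source or an on-chain TWAP to compare against, and with a timelock on any change to the signer set; the point of the model is that a single signed message should never be enough to move a position from healthy to liquidatable.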
EDE team says the malicious contract was intended to blacklist exploiters
While admitting the allegations, the EDE team stated its “intention was to blacklist those who had previously exploited the system.” It added:
“We did not aim to misappropriate users' funds as this would leave a traceable record. We will promptly remove the problematic bomb contract.”
Additionally, the protocol offered the attacker 5% of its team's token allocation in gratitude for pointing out the other vulnerabilities. However, the offer is subject to the team's vesting period.