A cybersecurity service PeckShield has revealed that the Tron-based Just (JST) token has been hacked. Additionally, PeckShield reported that TempleDAO suffered a hack that caused more than $2.3 million in losses. Altcoin prices plummeted after the attacks.
Altcoin on Tron hacked: 7,155 BNB stolen
An automated detection system from PeckShield, a cybersecurity service, has revealed that the Tron-based JST token has been hacked. In this latest attack, PeckShield reports that a scammer moved 4,600 BNB worth $1.25 million into the Tornado Cash mixer, with 2,555 BNB worth approximately $693,000 still in the hacker’s wallet.
#PeckShieldAlert Seems like $JST rugged again, scammers have transferred ~4,600 $BNB ($1.25M) to Mixer (Tornado Cash) and ~2,555 $BNB ($693k) still sit in its wallet$JST rugpull address: 0x4693f…04b34 pic.twitter.com/ewfSOCAwrq
— PeckShieldAlert (@PeckShieldAlert) October 11, 2022
JUST is a decentralized finance (DeFi) ecosystem built on the TRON Blockchain. The entire suite of products mostly focuses on a decentralized stablecoin lending platform known as JustStable. Launched in August 2020, following an initial exchange offering (IEO) on the Poloniex LaunchBase platform earlier in the same year, the JUST ecosystem has two tokens. These are USDJ and JUST (JST) tokens.
However, the platform’s local government token (JST) has been in circulation since May 2020. PeckShield reported a -65% drop in the Just (JST) token in May of this year. One address bought 100 BNB worth of JST, which in over a month turned into 3,000 BNB. Address dumped JST by making a big sale and then transferring 800 BNB to Tornado Cash. At press time, JST is changing hands at $0.02706 with a market cap of $253 million
JUST daily chart / Source: CoinMarketCapTemple DAO hacked more than $2.3M
DeFi protocol Temple DAO (TEMPLE) lost more than $2.3 million due to the hack on Oct. Twitter user Spreekaway first detected the attack. Later, blockchain analytics firm Peckshield confirmed the attack.
#PeckShieldAlert Seems like @templedao got exploited. The exploiter funded from SimpleSwap and already transferred 1,831 $ETH (~$2.34M) to a new address 0x2B63d…B5A0 @peckshield https://t.co/bOyOARyyxY pic.twitter.com/SVEm8o95U6
— PeckShieldAlert (@PeckShieldAlert) October 11, 2022
According to Peckshield, the hacker carried out the attack from SimpleSwap. He then transferred the stolen 1,831 ETH to a new address 0x2B63d. TempleDAO retweeted a Twitter post about the exploit by DeFi protocol Stax Finance. According to the issue, 321,154 xLP tokens were stolen from the xLP Staking contract. Also, 1,418,303 TEMPLE tokens and 1,262,438 were converted to FRAX. TEMPLE tokens were also later sold for FRAX. After the attack, the altcoin price dropped.
TEMPLE daily chart / Source: CoinMarketCapIt turns out that the hacker took advantage of the ‘lost onlyMigrator control’ functionality in the StaxLPStaking contract. Meanwhile, TempleDAO has removed the dApp to prevent accidental use. The team urged the hacker to return the funds. He also offered her a legal reward in case of extradition. Another blockchain security firm, CertiK, shared the following on the subject:
The reason for this attack is that the migrationStake function does not check if the oldStaking entry is expected. As a result, it is possible for attackers to forge old stake contracts to add balances arbitrarily.
https://twitter.com/CertiKAlert/status/1579848787920834560
38742
