A suspected hacker has exploited the Cover staking protocol, inflating the token supply by printing over 40 quintillion “coins”
However, in a surprising move, the suspected attacker returned the funds with a note saying: “Next time, take care of your own shit.”
In the initial exploit, the attacker liquidated over 11,700 coins on the 1inch decentralized exchange aggregator after inflating the token supply according to data from the Ethereum wallet explorer Nansen. In total, the rogue actor drained more than $5 million from the project as of press time.
Cover Protocol released addressed the incident in a message posted on its Discord group, stating:
“The Blacksmith farming contract has been exploited to mint infinite $COVER tokens. We have restricted minting access to the farming contract in order to stop the attacker. If you are providing liquidity for $COVER token (uniswap or sushiswap) please remove it immediately.”
According to the Cover Protocol team, the issue only affected the token supply with funds held in “claim/noclaim” pools still safe. The project says it is investigating the incident.
The attack caused a massive decline in the COVER token price, falling by more than 97% while also eliciting negative comments from a cross-section of the crypto community on social media. Back in November, Cover was one of the DeFi protocols to merge with Yearn.Finance.
Monday’s incident makes the Cover the latest DeFi project to suffer a malicious exploit in a year ridden with opportunistic profiteering attacks against numerous protocols.
As previously reported by Cointelegraph, the spate of DeFi hacks throughout the year stand out as one of the major disappointments in the crypto space for 2020 with data manipulation deemed as being easy to accomplish on many projects.