The native token of the layer-1 blockchain Shido has experienced an 85% decline following an exploit targeting the project’s Ethereum-based staking contract.
Blockchain security firm PeckShield initially uncovered the exploit, disclosing that the attacker effectively transferred ownership of the blockchain’s Ethereum staking contract to a different address. Following this, the new owner modified the contract with a hidden function, allowing for the withdrawal of staked tokens.
“There is a sudden owner transfer to 0x1982. The new owner immediately upgrades the StakingV4Proxy contract with a hidden withdrawToken() function,” PeckShield wrote.
Hi @ShidoGlobal There is a sudden owner transfer to 0x1982. The new owner immediately upgrades the StakingV4Proxy contract with a hidden withdrawToken() function. This hidden function is then called to withdraw all 4,353,473,223.864904 $SHIDO.
Here are related txs:
– owner… https://t.co/TZ6oMDGwMG
— PeckShield Inc. (@peckshield) February 29, 2024
At the time of writing, Shido is priced at $0.00141, a decrease of over 82% within the last 24 hours.
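The sequence PeckShield describes, an owner transfer followed immediately by a proxy upgrade that introduces a new function, is something a monitoring job can watch for. The following is an added example, not code from Shido or PeckShield: it flags that sequence over decoded proxy events and lists dispatcher selectors present only in the new implementation's bytecode. The event names assume OpenZeppelin-style `OwnershipTransferred` and ERC-1967 `Upgraded` events, and every address, selector and bytecode string is a constructed placeholder.

```python
# Added example. Events, addresses and bytecode below are constructed, not chain data.
MAX_BLOCK_GAP = 100  # assumed policy window between owner change and upgrade

def selectors(runtime: bytes) -> set:
    """Walk EVM opcodes; collect PUSH4 operands followed by EQ (dispatcher entries)."""
    found, i = set(), 0
    while i < len(runtime):
        op = runtime[i]
        width = op - 0x5F if 0x60 <= op <= 0x7F else 0  # PUSH1..PUSH32 operand size
        if op == 0x63 and runtime[i + 5:i + 6] == b"\x14":  # PUSH4 <sel> EQ
            found.add(runtime[i + 1:i + 5].hex())
        i += 1 + width  # skip operand bytes so push data is never read as opcodes
    return found

def review(events, known_owners, code_by_impl, current_impl):
    """Flag an owner change to an unlisted address followed quickly by an upgrade."""
    alerts, transfer_block, impl = [], None, current_impl
    for ev in sorted(events, key=lambda e: e["block"]):
        if ev["name"] == "OwnershipTransferred":
            # Event name assumed (OpenZeppelin Ownable style).
            unlisted = ev["newOwner"] not in known_owners
            transfer_block = ev["block"] if unlisted else None
        elif ev["name"] == "Upgraded":  # ERC-1967 proxy upgrade event (assumed)
            new_impl = ev["implementation"]
            recent = transfer_block is not None and ev["block"] - transfer_block <= MAX_BLOCK_GAP
            if recent:
                added = selectors(code_by_impl[new_impl]) - selectors(code_by_impl[impl])
                alerts.append({"block": ev["block"], "implementation": new_impl,
                               "new_selectors": sorted(added)})
            impl = new_impl
    return alerts

def entry(sel_hex: str) -> bytes:
    """Constructed dispatcher entry: DUP1 PUSH4 <sel> EQ PUSH2 0x0000 JUMPI."""
    return bytes.fromhex("8063" + sel_hex + "14" + "610000" + "57")

OLD_CODE = entry("aaaaaaaa") + entry("bbbbbbbb")  # placeholder selectors
NEW_CODE = OLD_CODE + entry("cccccccc")           # stands in for the added withdrawal function
EVENTS = [
    {"block": 1000, "name": "OwnershipTransferred", "newOwner": "0xUNLISTED_PLACEHOLDER"},
    {"block": 1001, "name": "Upgraded", "implementation": "impl_new"},
]
CODE = {"impl_old": OLD_CODE, "impl_new": NEW_CODE}

if __name__ == "__main__":
    for alert in review(EVENTS, {"0xTEAM_PLACEHOLDER"}, CODE, "impl_old"):
        print(alert)
```

In practice the events would come from a node or indexer, and the bytecode from the implementation addresses named in the upgrade events.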
Impact of Exploit on Shido’s Ecosystem: Withdrawal of Circulating Supply
The attacker who exploited Shido’s Ethereum-based staking contract made a significant move by withdrawing nearly half of the token’s circulating supply. This led to increased market volatility and uncertainty among investors, causing a significant drop in Shido’s token price and disrupting the project’s operations. The exploit highlighted the vulnerability of DeFi protocols to sophisticated attacks, emphasizing the need for robust security measures. The Shido team and the broader cryptocurrency community are likely to implement measures to prevent similar incidents in the future, including enhancing security protocols and conducting audits of smart contracts.
The attacker withdrew over 4.3 billion Shido tokens, accounting for almost half of the total circulating supply valued at approximately $35 million. The incident raised concerns in the cryptocurrency community and revealed vulnerabilities in blockchain projects.
Pseudonymous on-chain researcher ZachXBT found that the exploiter’s address was funded through cryptocurrencies initially bridged from Layerswap and Arbitrum. ZachXBT also claimed to have identified the real identity of the wallet owner funding the exploiter, who was also a victim of a hack.
So the address was funded via Across on Arbitrum and that was funded via Layerswap by this person's ENS.
I think they were hacked as well though bc their assets were suddenly transferred before funding the exploiter.
— ZachXBT (@zachxbt) February 29, 2024
Shido, a layer-1 proof-of-stake blockchain, was eagerly awaiting the debut of its mainnet.
In a recent announcement on February 24, the project stated that the mainnet launch was scheduled for the following week.
The SHIDO token, an Ethereum-based ERC-20 token, was intended for staking on the project’s associated decentralized exchange (DEX), offering token holders an annual yield of 8%.
Navigating the Persistent Threat of Exploits in Web3
Despite the promises of decentralization and security touted by Web3 technologies, the ecosystem continues to grapple with a persistent threat: exploits. These vulnerabilities, often stemming from smart contract weaknesses, have become a recurring challenge, raising concerns about the safety and reliability of decentralized applications (dApps) and protocols.
One of the primary factors contributing to the prevalence of exploits in Web3 is the rapid pace of innovation and deployment. As developers rush to launch new projects and capitalize on emerging trends, they may overlook crucial security considerations, leaving their smart contracts vulnerable to attack. Additionally, the open and permissionless nature of blockchain networks makes it challenging to identify and address vulnerabilities effectively, as malicious actors can exploit weaknesses without detection.
Furthermore, the interconnected nature of the Web3 ecosystem exacerbates the impact of exploits. A vulnerability in one dApp or protocol can have far-reaching consequences, potentially affecting other interconnected applications and users. This interconnectedness underscores the need for comprehensive security measures and proactive risk management strategies to safeguard the entire ecosystem.
Despite ongoing efforts to improve security practices and conduct audits, exploits continue to occur with alarming frequency. High-profile incidents, such as the recent exploit on Shido’s Ethereum-based staking contract, serve as stark reminders of the persistent threats facing the Web3 ecosystem. These exploits not only result in financial losses for users but also erode trust and confidence in decentralized technologies.
Addressing the issue of exploits in Web3 requires a concerted effort from developers, auditors, researchers, and the broader community. Developers must prioritize security throughout the development lifecycle, from code design to deployment, and regularly update and patch vulnerabilities as they emerge. Auditors and researchers play a crucial role in identifying and mitigating vulnerabilities through rigorous testing and analysis. Additionally, community engagement and education are essential for raising awareness about security best practices and fostering a culture of security-first development.
While exploits may remain a persistent challenge in Web3, proactive measures and collaboration across the ecosystem can help mitigate risks and build a more secure and resilient decentralized infrastructure. By prioritizing security, transparency, and accountability, the Web3 community can work towards realizing the full potential of decentralized technologies while minimizing the impact of exploits on users and the broader ecosystem.