QI Quadriga Initiative

Oct 2024 - Aark Digital Incorrect Balance Update Exploit - $1.9m (Global)

"Leverage-Everything Perpetual DEX. Safe and Easy, Powered by Blockchain. Start Trading"

"Launched in June 2024. AARK grants holders governance rights and staking benefits including rewards, fee discounts, and Multiplier Points."

"During a routine GM token burn, Aark Digital encountered a callback error due to a third-party contract modification. To resolve this, Aark Digital initiated a contract upgrade and GM delisting to adjust affected user balances. Users holding GM were required to convert GM to USDC. Aark Digital ran a script to process these conversions, receiving inputs like target user, amount, token address, and decimals from event data. While executing, a single user’s USD Value shifted erroneously from 0.498942 to 498,942 * (10 ^ 12), due to an incorrect balance update (not from a deployed contract error). Exploiting this security vulnerability, the attacker caused Aark Digital a loss of 1,499,841 USDC and 159.09 ETH."

"Initially, we reported a total loss of 1,386,085.5 USDC and 24.143 ETH due to the exploit. However, further investigation has revealed that the actual amount stolen was higher, totaling 1,499,841 USDC and 159.09 ETH. This revised amount provides us with a more accurate scope of the breach, which is essential for our recovery strategy."

"The stolen funds represent approximately 67% of the total deposits, including collateral for Futures and LPs. Given the scale of the impact, we are currently able to refund 33% of the original deposit amount to affected users."

Further Analysis

Aark Digital is a decentralized exchange that allows users to gain extra rewards and staking benefits. On October 25th, 2024, the platform experienced an exploit due to an incorrect balance update in a transfer function, which caused a large loss. Aark Digital has been working with the community to recover the funds over time.
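The statement quoted above describes an off-chain conversion script writing one user's value many orders of magnitude too high. As an added example (not Aark Digital's script, which this page does not show), the pre-flight check below recomputes every credit independently from the event data and flags any batch whose proposed balances disagree. The 6-decimal ledger format, the field names and the addresses are assumptions.

```python
# Added example: pre-flight check for an off-chain balance-conversion batch.
LEDGER_DECIMALS = 6  # assumption: ledger keeps USD values as 6-decimal integers

def to_ledger_units(raw: int, decimals: int) -> int:
    """Rescale an integer token amount to ledger units without floats."""
    if raw < 0 or not 0 <= decimals <= 36:
        raise ValueError("bad amount or decimals")
    shift = LEDGER_DECIMALS - decimals
    if shift >= 0:
        return raw * 10 ** shift
    q, r = divmod(raw, 10 ** -shift)
    if r:
        raise ValueError("precision loss when rescaling")
    return q

def preflight(events, proposed, per_user_cap):
    """Compare the script's proposed credits with an independent recomputation.

    events:   dicts with user, amount (raw int) and decimals, taken from event data
    proposed: dict user -> credit in ledger units, as the script would write it
    Returns (user, reason) for every update that must not be applied.
    """
    rejected = []
    expected_total = 0
    for ev in events:
        user = ev["user"]
        expected = to_ledger_units(ev["amount"], ev["decimals"])
        expected_total += expected
        got = proposed.get(user)
        if got != expected:
            rejected.append((user, f"credit {got} != expected {expected}"))
        elif got > per_user_cap:
            rejected.append((user, f"credit {got} exceeds cap {per_user_cap}"))
    if sum(proposed.values()) != expected_total:
        rejected.append(("*batch*", "total credited does not match event total"))
    return rejected

# Constructed events: 0.498942 USD at 6 decimals and 2.0 USD at 18 decimals.
EVENTS = [
    {"user": "0xUserA", "amount": 498_942, "decimals": 6},
    {"user": "0xUserB", "amount": 2_000_000 * 10 ** 12, "decimals": 18},
]
GOOD = {"0xUserA": 498_942, "0xUserB": 2_000_000}
# Same batch with UserA's value scaled by 10**12, the magnitude quoted above.
BAD = {"0xUserA": 498_942 * 10 ** 12, "0xUserB": 2_000_000}
```

Running `preflight(EVENTS, BAD, 10**12)` reports both the single inflated credit and the batch total mismatch, so the write can be blocked before any balance is changed.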

How Could This Have Been Prevented?


Sources/Further Reading

Incident of October 25th (Dec 31)
Aark Digital offers 15% bounty to hacker responsible for $1.5M attack on vaults (Dec 31)
https://www.crowdfundinsider.com/2024/10/231673-security-breach-prompts-aark-digital-to-issue-225k-bounty/ (Dec 31)
@Aark_Digital Twitter (Dec 31)

