Apr 2025 - Aventa Project IntelliQuant Reward Claim Flash Loan Attack - $8k (Global)
Aventa specializes in creating intuitive Web3 utilities for the crypto community. Aventa is a pioneering Web3 and AI-powered crypto project that aims to transform blockchain interactions through its EVM-compatible, Layer 1 blockchain called Aventa Chain. This ecosystem combines multi-blockchain utility, AI-driven decentralized applications (dApps), gamification, and robust security features to enhance user experience across the decentralized space. At the core of Aventa is the $AVENT token, which enables participation in governance, access to exclusive NFTs, discounts on services, staking rewards, and a range of other platform utilities.
Aventa offers a suite of advanced tools and bots, including an AI Art Bot, Video Bot, Voice Assistant, Contract Scanner, and community features like Roast & Toast and Telegram due diligence tools. These are designed to support both developers and users in creating content, analyzing smart contracts, and fostering social engagement. The project is also focused on launching additional utilities such as a decentralized exchange (DEX), a bridge for cross-chain token transfers, and tools for AI contract auditing and video creation.
With a supply cap of 1 billion tokens, open-source contracts, and locked liquidity, Aventa emphasizes transparency and community involvement. The project is currently in development on several fronts, including its explorer, bridge, faucet, and AI integrations—all designed to bring real-world functionality and scalability to the Web3 landscape. Through its mission and growing utility stack, Aventa seeks to become a major force in the decentralized, AI-enhanced blockchain future.
The AventaRewardClaim contract had an unfortunate vulnerability.
The exploit targeted the claim() function, which is designed to transfer $AVENT tokens to users who hold $INQU tokens. However, the contract failed to properly track or limit claims per user or per token transfer. Attackers took advantage of this by deploying multiple contracts, transferring the same $INQU tokens between them, and repeatedly calling claim() from each contract. This allowed them to illegitimately claim $AVENT multiple times using the same $INQU, effectively draining the rewards.
According to SlowMist, $7k. According to Tikkala, $8k.
The incident appears to have been discovered by Tikkala Security and SlowMist.
It does not appear that any notification has been posted on Aventa's Twitter/X account.
Aventa does not appear to have acknowledged any exploit publicly.
Further Analysis
Aventa is a Web3 and AI-driven crypto project focused on delivering intuitive, multi-blockchain utilities through its EVM-compatible Layer 1 chain, Aventa Chain. With tools like AI art and video bots, contract scanners, and gamified community features, Aventa aims to enhance user engagement and developer capabilities within the decentralized ecosystem, powered by the $AVENT token. However, a recent vulnerability in the AventaRewardClaim contract was exploited, allowing attackers to repeatedly claim $AVENT tokens by cycling $INQU tokens through multiple contracts—resulting in a reported loss of $7k–$8k. The exploit was identified by Tikkala Security and SlowMist, though Aventa has yet to publicly acknowledge the incident.
How Could This Have Been Prevented?
More Cryptocurrency Exchange Hacks/Scams/Frauds
QuantMaster Employee Blames Smart Contract Drain On AI > > < < LIFE Protocol Price Not Updated When Sold Price Manipulation
Sources/Further Reading
SlowMist - "SlowMist Security Alert: We detected potential suspicious activity related to @AventaProject. As always, stay vigilant!" - Twitter/X (Dec 31)
Aventa Project Homepage (Dec 31)
Aventa Project Twitter/X (Dec 31)
Aventa Project Medium (Dec 31)
Aventa Reward Claim Smart Contract - Etherscan (Dec 31)
Aventa - IQ Wiki (Dec 31)
Exploit Transaction - EtherScan (Dec 31)
Tikkala Research - "The AventaRewardClaim Contract @IntelliQuant was attacked, losing ~$8k. The claim() function transfers $AVENT tokens to users when they have $INQU tokens. Attackers can create multiple contracts, transfer $INQU tokens between them, and claim $AVENT each time for each contract." - Twitter/X (Dec 31)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|