Jun 2024 - SteamSwap (STM) Vulnerable Reserve Balance - $106k (Global)

"Steam Swap is a decentralized digital asset trading platform that focuses on connecting digital asset trading markets around the world and providing users with efficient, secure and transparent trading services. We are committed to building an open, connected blockchain ecosystem that allows users to freely exchange digital assets and realize the flow and value of assets. Steam SWAP makes digital asset trading easier and more convenient! Our vision is to become a leader in the blockchain industry, lead the future development trend, and make STEAM SWAP a shining star in the blockchain world!"
"In order to ensure a smooth launch, we temporarily replaced the high-defense server. Considering the time difference of global members, we decided to adjust the launch time to UTC time June 6, 2024 05:00:00. Thank you"
"The vulnerable MineSTM contract has a sell function that uses a reserve pair for liquidity calculation. Notably, this exploited contract was deployed roughly 16 hours before the incident took place."
"The exploiter initially took a flash loan of 500,000 BSC-USD and used it to purchase roughly 2,740,041 STM tokens. The exploiter was able to manipulate this reserve balance by swapping a large amount of these tokens, and then ultimately called the above sell function to complete their attack."
"a loss of approximately $105K."
"The excess of the STM tokens were sold for profits worth approximately $91,670 before repaying the borrowed flash loan."
"Another attacker, likely a copycat of the original exploiter, executed yet another attack transaction to profit by roughly $13,892."
"According to monitoring by the SlowMist security team, SteamSwap(STM) on BNBChain was attacked, resulting in a loss of approximately $105K."
"Steam Swap was exploited across two different transactions on the $BNB chain due to the price manipulation of the underlying assets, resulting in a loss of assets worth approximately $105,000."
"During tonight's node LP minting and mining process, a vulnerability was discovered in the contract. To ensure the system's security and stability, we have decided to conduct a security audit of the contract. The audit report is expected to be completed within 7-10 business days."
Further Analysis
Steam Swap is a decentralized digital asset trading platform. Its smart contract was vulnerable to reserve balance price manipulation: the sell function calculated liquidity from the pair's current reserves, which a large swap can shift. This allowed multiple attackers to use flash loans to manipulate the prices and drain funds. The protocol lost ~$106k worth of assets. The team has decided to audit the smart contract and relaunch. No mention of any reimbursements could be located.
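The following added example (not code from the MineSTM contract or from any of the cited analyses) models a constant-product pool to show why a price read from current reserves is unsafe, and how a time-weighted average price (TWAP) deviation check refuses the quote. The pool reserves, the 0.25% fee, the 5% threshold and every name in the code are assumptions made for illustration; only the 500,000 BSC-USD swap size comes from the text above.

```python
# Added illustration: reserves, fee and names are constructed, not on-chain values.
from dataclasses import dataclass

FEE = 0.0025  # assumed swap fee (0.25%)

@dataclass
class Pool:
    usd: float  # BSC-USD reserve
    stm: float  # STM reserve

    def spot_price(self) -> float:
        """USD per STM read straight from current reserves (movable by one swap)."""
        return self.usd / self.stm

    def buy_stm(self, usd_in: float) -> float:
        """Swap USD for STM under x*y=k; returns the STM paid out."""
        eff = usd_in * (1 - FEE)
        out = self.stm * eff / (self.usd + eff)
        self.usd += usd_in
        self.stm -= out
        return out

class TwapOracle:
    """Time-weighted average of prices recorded at the end of earlier blocks."""
    def __init__(self):
        self.cum, self.elapsed = 0.0, 0
    def record(self, price: float, seconds: int) -> None:
        self.cum, self.elapsed = self.cum + price * seconds, self.elapsed + seconds
    def price(self) -> float:
        return self.cum / self.elapsed

def quote_sell(pool, oracle, stm_amount, max_dev=0.05):
    """Value a sell at the TWAP; refuse if spot strays more than max_dev from it."""
    twap, spot = oracle.price(), pool.spot_price()
    if abs(spot - twap) / twap > max_dev:
        raise ValueError(f"spot {spot:.4f} deviates from TWAP {twap:.4f}")
    return stm_amount * twap

def demo():
    pool, oracle = Pool(usd=100_000.0, stm=3_000_000.0), TwapOracle()
    for _ in range(10):                  # ten quiet 3-second blocks
        oracle.record(pool.spot_price(), 3)
    before = pool.spot_price()
    pool.buy_stm(500_000.0)              # flash-loan-sized swap inside one block
    after = pool.spot_price()
    naive = 1_000.0 * after              # payout if 1,000 STM is valued at spot
    try:
        guarded = quote_sell(pool, oracle, 1_000.0)
    except ValueError:
        guarded = None                   # guarded quote is refused
    return before, after, naive, guarded
```

With these constructed reserves the single swap moves the reserve-derived price by more than 30x, so any payout computed from it is inflated by the same factor, while the TWAP-based quote is rejected until spot and average converge again.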
How Could This Have Been Prevented?
Sources/Further Reading
SlowMist Hacked - SlowMist Zone (Dec 31)
@SlowMist_Team Twitter (Dec 31)
MineSTM | Address 0xb7d0a1adafa3e9e8d8e244c20b6277bee17a09b6 | BscScan (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
https://www.stmswap.com/ (Dec 31)
@SteamSwap_ Twitter (Dec 31)
@SteamSwap_ Twitter (Dec 31)
@SteamSwap_ Twitter (Dec 31)
@neptunemutual Twitter (Dec 31)
How Was Steam Swap Exploited? (Dec 31)
0x40f3bdd0a3a8d0476a | Phalcon Explorer (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Dec 31)
t.me/QuadrigaInitiative | /r/QuadrigaInitiative | @QuadrigaInit | info@quadrigainitiative.com