DeFi Liquidity Locking Platform Team Finance Hacked for $15.8 million

InfoNesia.xyz – Team Finance, a DeFi platform used by other projects to lock their liquidity, has become the latest victim of a malicious exploit. This time, the attacker was able to steal $15.8 million worth of liquidity tokens from the project.

Thursday’s hack affected four different DeFi projects. These protocols have seen their liquidity suffer mild to serious drops following the theft. The attack is the latest security incident in the crypto space in October.

Details of the Team Finance Attack

The Team Finance exploit happened because of a flaw in the project’s migration contract, according to blockchain forensics outfit PeckShield. Details given by the security firm state that the attacker exploited the platform’s v2 to v3 migration protocols. V2 and v3 here refer to version two and version three of the Team Finance liquidity locking platform. Some projects’ liquidity is locked on Team Finance v2 while that of others is on v3.

The attacker was able to manipulate the price of some liquidity tokens on v2 and migrate them to v3. In doing so, the attacker could then profit off the price disparity. On-chain data from Etherscan shows the attacker targeted four DeFi projects, namely Kondux, Dejitaru Tsuka, Kondux, and CAW (A Hunters Dream). CAW, the last of the four, was the most affected, with $11.5 million of its liquidity tokens siphoned in the incident. Both CAW and Dejitaru Tsuka seem to be the most affected by the attack, with reports that their entire liquidity has been drained.

Team Finance put out a statement on Twitter confirming the attack, stating:

“We have just been alerted of an exploit on Team Finance. We are currently unsure of the details. We urge the exploiter to get in contact with us for a bounty payment. We are working to analyze and remedy the situation at this very moment.”

Team Finance also stated that it had paused all activity on its protocol to prevent further attacks. The team stated that user funds are not at further risk of the malicious exploit.

No Stopping Hacktober

October has always been a busy month for crypto security incidents, and 2022 is proving to be no different. This month has already seen several high-profile crypto thefts and malicious exploits, including attacks against BNB Chain and Mango Markets. In each of those incidents, the attacker was able to siphon more than $100 million.