On October 27th, Team Finance suffered an exploit that saw a hacker make away with funds of $14.5 million.

However, $7 million worth of tokens has been sent to four projects by the hacker behind the said exploit.

The hacker’s message

The exploiter posted a series of messages in which he confirmed that he intended to retain 10% of the funds stolen as a bounty, while the rest would be returned to the projects that had been affected.

Describing himself as a ‘whitehat’, the hacker had used the Uniswap v2-to-v3 migration for draining assets from Team Finance.

PeckShield, the blockchain security firm, disclosed that the liquidity from Team Finance’s Uniswap v2 assets had been transferred to a v3 pair controlled by the attacker with skewed pricing.

The funds that were stolen in the attack included KNDA, TSUKA, CAW, and USD Coin tokens. After the exploit, a number of tokens involved like CAW, saw their prices decline steeply, thereby leading to a liquidity crunch.

A non-fungible token (NFT) marketplace called Kondux announced on October 30th that it had received 95% of the funds stolen, which were about 209 ether tokens.

Meanwhile, 548 ETH were recovered by Fed Token. Stablecoin DAI tokens worth $765,000 were returned to Tsuka’s blockchain protocol, along with 11.8 million TSUKA tokens.

The biggest victim of the Team Finance exploit was Caw Coin and it received 74.6 billion of its CAW native token and DAI stablecoins worth $5 million.

Team Finance

Team Finance urged the hacker via Twitter to get in touch for receiving a bounty payment. The protocol said that its smart contract had undergone an audit previously and all activity had been halted by developers.

TrustSwap founded the company back in 2020, which provides token liquidity vesting and locking services to executives that are part of the project.

According to the protocol, it had a total of $3 billion worth of tokens spread across 12 blockchains.

Other exploits

This exploit on Team Finance came after an attack on October 11th that had taken place on Mango Markets.

In that particular incident, a hacker had been able to manipulate the value of the MNGO token, which is the native token of the platform, and it had reached higher prices.

Once the attacker had inflated the collateral, he took out massive loans against it and this drained the Treasury of the Mango platform.

The governance forum of Mango approved a proposal, which allowed the hacker to enjoy a bug bounty of about $47 million.

Meanwhile, a sum of $67 million was returned to the Treasury of the platform once more.

As the popularity of crypto rises and the number of smart contracts increase, the number of such exploits is also rising.

Furthermore, this year has seen some of the biggest exploits happen in the crypto space, particularly the decentralized finance (DeFi) market, which has concerned a lot of people.

However, some of these hackers do return the funds they stole in exchange for a bounty.