link.png

ID:

melody-1236

Date:

Status:

Incident Count:

October 24, 2022

Verified

1

info.png
target.png
REKT

Contributor:

chain.png

web3rekt.com

KYC By:

KYC:

None

info.png

Audit By:

Audits:

None

Loss Amount:

610,161

info.png

Recovered:

-

Rewards:

Ticker:

USD, SNS

info.png

Melody is a Web3 App combining GameFi and SocialFi. Players can earn tokens through singing, listening and scoring, and playing in karaoke rooms with their NFT passports in the forms of Microphone, Headphone, and Karaoke Room, etc. And the tokens earned via games can be continuously consumed in the game or cashed out for real profit.

The dev team reported an exploit where 2224 BNB was taken and deposited into Mexc.com. The App's token address was compromised allowing the exploiter to withdraw tokens to himself which he later swapped for WBNB.
According to Supremacy, the attack was not a contract-level vulnerability, but rather a vulnerability involving an Off-chain module. In other words, the vulnerability in the project's Off-chain signature generation module allowed the hacker to bypass access controls and use the API Issue to generate legitimate signatures to extract SGS and SNS and sell the stolen funds via Dex for a profit of 2,225 BNB.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.