ID: spirit-swap-896

Date: May 14, 2022

Status: Verified

Incident Count: 1

REKT

Contributor: zerofriction.io

KYC By:

KYC: No

Audit By:

Audits: None

Loss Amount: 18,000

Recovered: -

Rewards:

Currency: USD

Key Indicators

Platform: Fantom

Type: Protocol

Category: Staking

Method: Front-end Vulnerabilities

Extended Method: Loss of access control, front-end manipulation, and redirect of funds

Days in Operation: 526 (1.44 Years)

Data Sources:

The SpiritSwap protocol adds incentives for Fantom network participants by introducing revenue sharing through the classic AMM model. The project provides a platform for trading, staking, and farming.

The project reported that the hacker managed to exploit GoDaddy, hijacked the domain, copied the codebase, and in the process changed the swap parameters. Essentially, the attacker created a fake UI (using the old site) that sends swaps to his wallet. The project is unable to take down the site because it does not have access to it, and it is working with GoDaddy to regain control of the domain.

This is the fourth known attack of this type in our database so far this year. We checked the domain record, and it appears that the domain was hijacked on 2022-05-13T19:20:30Z. However, the sad thing is that more than 14 hours after the status update, the malicious site is still up.

https://twitter.com/Spirit_Swap/status/1525238425468964864?s=20&t=zQJWp9ajCkZBCVYA7IBV-w


DISCLAIMER: While web3rekt has used its best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose.

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.