ID: spirit-swap-896
100 pts
Platform: Fantom
Type: Protocol
Category: Staking
Method: Front-end Vulnerabilities
Data Sources:
Extended Method: Loss of access control, front-end manipulation, and redirect of funds
Days in Operation: 526 (1.44 Years)





The SpiritSwap protocol adds incentives for Fantom network participants by introducing revenue sharing through the classic AMM model. The project provides a platform for trading, staking, and farming.
The project reported that the hacker managed to exploit GoDaddy, hijacked the domain, copied the codebase, and in the process changed the swap parameters. In effect, the hacker created a fake UI (using the old site) that sends swaps to his wallet. The project is unable to take down the site because it does not have access to it, and is working with GoDaddy to regain control of the domain.
This is the fourth known attack of this type in our database so far this year. We checked the domain record, and it appears that the domain was hijacked on 2022-05-13T19:20:30Z. Sadly, more than 14 hours after the status update, the malicious site is still up.
https://twitter.com/Spirit_Swap/status/1525238425468964864?s=20&t=zQJWp9ajCkZBCVYA7IBV-w