Fantom-based algorithmic asset protocol Fantasm Finance has been exploited to obtain crypto in excess of $2.6 million early Thursday. The stolen tokens could be used to swap for ether with privacy protocol Tornado Cash.
“Our FTM collateral reserve has been exploited, there is still 1,820,012 FTM pool balance remaining currently for redemption,” they tweeted. FTM is Fantom’s native token and one of the tokens used as collateral backing on Fantasm.
Hackers were able to mint XFTM, a representation of Fantom’s FTM on Fantasm, by using a small amount of Fantasm’s FSM tokens. Nipun Pitimanaaree (Alpha Finance lead engineer) explained that the hackers started with 50 FTM but used more to swap for over 2.8million XFTM. tweet
after examining blockchain records.
The funds stolen were later recovered. swapped for over 1,007
ether – about $2.6 million at current prices – using privacy protocol Tornado Cash, which allows for anonymous token swaps.
According to the Fantasm developers in a follow-up tweet
that some of the FTM collateral was “white hacked,” a process that refers to exploiting a protocol to flag security concerns or, in this case, recover tokens at the risk of getting hacked.
Fantasm Finance, launched earlier this month, is a decentralized finance (DeFi) project aimed at developing synthetic tokens for the Fantom ecosystem. DeFi is a way to use smart contracts to provide financial services to users. Synthetic tokens, which are blockchain-based representations for financial assets such as cryptocurrencies, are part of decentralized finance (DeFi).
Meanwhile, Pitimanaaree cautioned in a tweet
that additional vulnerabilities related to Fantasm’s flash-loan product might still exist.