The individual who exploited the protocol intends to keep a 10% bounty of the stolen funds.
Four projects have received some $7 million worth of tokens from the hacker behind the $14.5 million Team Finance exploit on Oct. 27. Over the weekend, the attacker confirmed in a series of messages that they would keep 10% of the stolen fund as a bounty and return the other tokens to the affected projects.
The exploiter — a self-described “whitehat” — drained assets from Team Finance through the Uniswap v2-to-v3 migration. As reported by Cointelegraph, liquidity from Uniswap v2 assets on Team Finance were transferred to an attacker-controlled v3 pair with skewed pricing, explained the blockchain security firm PeckShield.
The stolen funds included USD Coin (USDC), CAW, TSUKA and KNDA tokens. Some of the affected tokens, such as CAW, suffered steep price declines due to the exploit and subsequent liquidity crunch.
On Oct. 30, Kondux, a nonfungible token (NFT) marketplace, announced it received 95% of the stolen funds, or 209 Ether (ETH), while Feg Token recovered 548 ETH. Tsuka’s blockchain protocol also confirmed receiving over $765,000 worth of the stablecoin Dai (DAI) and 11.8 million TSUKA. Caw Coin — the biggest victim of the exploit — received back $5 million worth of DAI and 74.6 billion of its native token, CAW.
We’re thrilled to announce we have received 95% of the exploited ETH back!
Please bear with us in the coming 48 hours ⏳ as we await the $KNDX to return so we can plan our next move forward. ⏩
Massive thanks to the community for their unwavering support $FEG $CAW $TSUKA
— Kondux (@Kondux_KNDX) October 30, 2022
On Twitter, the protocol urged the hacker to get in contact for a bounty payment. According to Team Finance, its smart contract had been previously audited, and developers had temporarily halted all activity on the protocol. The company was founded in 2020 by TrustSwap, which provides token liquidity locking and vesting services to project executives. The protocol claimed to have $3 billion secured across 12 blockchains.
The exploit followed the Mango Markets attack on Oct. 11, when a hacker manipulated the value of the platform’s native token, MNGO, to achieve higher prices. The attacker then took out significant loans against the inflated collateral, draining Mango’s treasury.
After a proposal on Mango’s governance forum was approved, the hacker was allowed to keep $47 million as a “bug bounty,” while $67 million was sent back to the treasury.