Crypto liquidity provider Team Finance announced on Thursday the halt of its services following a $14.5 million exploit.
Team Finance Loses $14.5M
The protocol has a migration feature that enables a switch from v2 tokens to their v3 counterparts. The hacker exploited this feature, thereby transferring real Uniswap v2 liquidity to a new v3 pair under their custody.
According to on-chain data, the initial fund that got stolen was 1.76 ETH. The exploiter withdrew the fund through the crypto exchange Fixed Float. At the time of writing, the rest of the stolen cryptos remain in the wallet of the hacker. These include 880 ETHs, 6.4 million DAI, 11.8 million TSUKA, and 74.6 trillion CAW.
About an hour into the attack, Team Finance responded, shutting down its protocol activities and addressing the public about the incident. While the platform noted that “all funds currently on Team Finance are not at further risk of this exploit,” the bad actor had already gotten away with $14.5 million worth of crypto assets.
Team Finance’s total value locked (TVL) has dropped, as revealed on crypto aggregator DefiLlama. At the time of writing, the project’s TVL was $128.7 million, which is a 13% decline from its value earlier today.
Source: DefiLlama
DeFi – A Playground for Hackers
In recent times, several decentralized finance (DeFi) platforms have fallen victim to attacks by hackers. Earlier this month, Mango Markets, a Solana-based DeFi project, suffered an exploit that swept over $100 million from its custody.
The attacker conducted the exploit by manipulating the oracle price. This was achieved when the hacker “temporarily spiked up their collateral value,” and proceeded to withdraw huge loans from the project’s treasury.
Following the loss, Mango received a governance proposal from the hacker, requesting a bounty reward of about $70 million. The proposal also stated that the Mango team should not freeze the funds after they are returned or conduct a criminal investigation.
Overall, a recent report showed that over $3 billion has been lost to crypto exploits since the start of 2022.