Fortress Protocol Lost USD 3 Million in Oracle Price Manipulation Attack
Fortress Protocol is in shambles after USD 3 million worth of cryptocurrency was stolen through an assault on the third-party infrastructure by an oracle price manipulation attack on Sunday. Fortress is an algorithmic money market and synthetic stablecoin protocol that became the latest victim for hackers.
Shockingly, it was drained all the funds it held during hacking. Fortress protocol’s official Twitter handle explained in a series of tweets that all the stolen funds were subsequently transferred from Binance Smart Chain to Ethereum and mixed with privacy protocol Tornado Cash.
Fortress Protocol lost nearly USD 3 million (USD 2,979,724) with the theft of 400,000 tokens (USD 2.98 million) in the stablecoin and 1,048.1 tokens (USD 2.58 million) in Ethereum. CertiK, a blockchain security company, revealed information about the hack with Cryptopotato on Monday.
Another blockchain security firm Blocksec stated that Fortress Protocol lacked power verification, which allowed hackers to break in. Blocksec explained that the threat actor was able to change the price of FTS and used a large purchase of the coin to make different adjustments. Hackers used Ethereum to buy a significant number of FTS – the governance token that governs the FTS system.
“Fortress has been hit with what we believe is an oracle manipulation attack draining all funds. We are investigating to determine the exact method of attack. PLEASE DO NOT SUPPLY ANY ASSETS TO FORTRESS!” the company said.
“We need the support of all of our partners and key organizations in the community to assist and try to freeze and bring back the funds! IF THERE IS ANYTHING ANYONE CAN DO PLEASE DM US!” Fortress said.
Useful Link: Red Cross Data Breach Compromises Thousands of Records
Blockchain firm PeckShield also warned DeFi data oracle Umbrella Network about its participation in the recent incident. Umbrella Network said, “aware of the recent exploits that may have stemmed from an Umbrella Network price feed error.”
“We’re currently looking into the matter with our team and partners. We have already deployed a hotfix to address the issue that was identified by our internal team, and corroborated by PeckShield,” said by Umbrella Network.
Tornado Cash: Attackers Tool of Choice
The ETH allowed to buy hacker’s initial FTS, and the Ethereum representing the attacker’s goods came and went through Tornado cash. Moreover, the merging protocol breaks the link between a sender and receiver address on Ethereum, which allows hackers to hide their identity from end to end.
Numerous crypto thieves have been following the same protocol in recent times. For instance, the hacker behind the USD 615 million ronin network attack in March is now solely responsible for keeping 15 percent of the money being deposited into Mixer.
These hacked projects showcase how crucial cybersecurity is. This is where StealthLabs comes in. With its strong domain expertise, StealthLabs has been catering to company needs in diverse areas of information security.
So, reach out to us and double down on your defenses.
More Ransomware News: