The attacker exploited the unlimited minting vulnerability on Arbitrum to seize approximately 1.55 million USD worth of ETH and USDC, affecting the liquidity pool of Morpho Vault and Uniswap v4.
The Kinto project development team is coordinating with relevant parties to trace the stolen money while also restoring Token K balances to the time before the attack and restarting trading on centralized exchanges (CEX) before July 31.
MAIN CONTENT
The attacker exploited the unlimited minting vulnerability on Arbitrum to issue 110,000 fake Token K.
Approximately 1.55 million USD worth of ETH and USDC in the Morpho Vault and Uniswap v4 pools has been drained.
The Kinto team is committed to tracing and restoring the balance and trading price of Token K to the time before the incident.
How did the attack exploiting the minting vulnerability unfold?
Ramon Recuero, co-founder of Kinto, confirmed on social media on July 11 that hackers exploited a vulnerability that allowed unlimited minting of Token K on Arbitrum to create 110,000 fake Tokens, thereby flooding the liquidity in Morpho Vault and Uniswap v4. The incident caused damage of about 1.55 million USD in ETH and USDC.
Technical analysis shows that this exploit takes advantage of the uncontrolled minting feature on the smart contract of Token K, causing an imbalance in the liquidity pool and driving the price of Token K to fluctuate wildly.
"We have discovered a serious vulnerability that allows unlimited minting of Tokens, enabling malicious actors to exploit and seize assets from the liquidity pool. Coordination with partners and stakeholders is being mobilized to quickly trace and minimize damage."
Ramon Recuero, Co-founder of Kinto, 11/7/2024
What measures has the Kinto team taken to address the consequences?
Immediately after discovering the incident, the Kinto team contacted legal and technical departments and partners to trace the flow of the stolen funds. They also committed to restoring users' Token K balances to the snapshot before July 31 and to restarting trading of the Token on centralized exchanges (CEX) at prices equivalent to those before the attack occurred.
Kinto's representative stated that if the stolen amount is found or recovered, the priority will be to refund and stabilize the Token market, demonstrating a commitment to investors and the project community.
What is the impact of this incident on the market and Token K users?
The loss of nearly 1.55 million USD and the price fluctuation of Token K have caused considerable confusion in the community. According to on-chain reports, liquidity in Morpho Vault and Uniswap v4 has significantly decreased, directly affecting trading and payment capabilities. Token K investors should be aware of strong price volatility and the risk of rapid asset loss.
The lessons learned from the attack also emphasize the importance of stricter control and auditing of smart contracts, especially for Tokens operating on Layer 2 like Arbitrum.
"Security vulnerabilities in Layer 2 projects can cause serious losses if not monitored and patched in a timely manner. This is a wake-up call for the entire cryptocurrency ecosystem."
Blockchain security expert Nguyen Van Nam, 06/2024
Comparing the security effectiveness and risk management of popular Layer 2 platforms
| Platform | Security approach | Smart contract risk management | Number of serious attacks (2024) |
|---|---|---|---|
| Arbitrum (Kinto) | Third-party audit, but has unlimited minting vulnerability | Improving and ongoing, not yet strong | 1 case |
| Optimism | Strict audit, multi-sig integration | Regular patch updates and reviews | 0 cases |
| zkSync | Secured by zk-rollup, periodic audits | Rapid error reporting system, limited minting rights | 0 cases |
Frequently Asked Questions
1. What is the unlimited minting vulnerability?
This is a smart contract error that allows the creation of unlimited Tokens, causing imbalance and making it easy to exploit. Regular technical audits help detect this error early.

2. How to trace the stolen money on the Blockchain?
Experts use on-chain analysis tools combined with legal cooperation to track money flows and the parties involved in transactions.

3. How to restore Token balances after an attack?
The development team will recover data based on a snapshot before the incident and update the corresponding account balances, usually requiring support from exchanges.

4. What should investors do when a Token faces a security incident?
They should monitor official information from the project, avoid trading during periods of strong price fluctuations, and prepare reasonable risk management plans.

5. What should Layer 2 projects do to enhance security?
Improving audits through third parties, limiting minting rights, and increasing early warning alerts for abnormal behavior are top priorities.
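
The "early warning alerts for abnormal behavior" from the last answer can be sketched as a monitor over a token's mint events. This is an added example, not code from Kinto or from the original article. It assumes the token emits the standard ERC-20 Transfer event from the zero address on mint; the addresses, supply figures and thresholds are constructed placeholders, with only the 110,000 amount taken from the article.

```python
# Added example: flag abnormal mints in ERC-20 Transfer logs. All data is constructed.
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
ZERO_ADDR = "0x" + "00" * 20
ZERO_TOPIC = "0x" + "00" * 32      # indexed `from` of a mint, by ERC-20 convention
UNIT = 10 ** 18                    # assumption: 18 decimals
TREASURY, USER, UNKNOWN = ("0x" + c * 20 for c in ("11", "22", "ee"))  # placeholders

def make_log(block, frm, to, tokens):
    """Constructed log, simplified from the eth_getLogs shape (block number as int)."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"blockNumber": block, "topics": [TRANSFER_TOPIC, pad(frm), pad(to)],
            "data": hex(tokens * UNIT)}

SAMPLE_LOGS = [
    make_log(100, ZERO_ADDR, TREASURY, 500),      # routine mint to the expected recipient
    make_log(101, TREASURY, USER, 50),            # ordinary transfer, not a mint
    make_log(205, ZERO_ADDR, UNKNOWN, 110_000),   # large mint to an unknown address
]

def parse_mints(logs):
    """Return sorted (block, recipient, amount) for Transfer logs sent from the zero address."""
    mints = []
    for log in logs:
        t = log["topics"]
        if len(t) == 3 and t[0] == TRANSFER_TOPIC and t[1] == ZERO_TOPIC:
            mints.append((log["blockNumber"], "0x" + t[2][-40:], int(log["data"], 16)))
    return sorted(mints)

def detect_abnormal_mints(logs, supply_before, max_supply, allowed, window_blocks, window_limit):
    """Check each mint against a recipient allowlist, a sliding-window rate and a supply cap."""
    alerts, supply, recent = [], supply_before, []
    for block, to, amount in parse_mints(logs):
        supply += amount
        recent = [(b, a) for b, a in recent if block - b < window_blocks] + [(block, amount)]
        if to not in allowed:
            alerts.append((block, "UNEXPECTED_RECIPIENT", to))
        if sum(a for _, a in recent) > window_limit:
            alerts.append((block, "MINT_RATE_EXCEEDED", to))
        if supply > max_supply:
            alerts.append((block, "SUPPLY_CAP_EXCEEDED", to))
    return alerts

def run_sample():
    """Run the detector on the constructed logs with hypothetical thresholds."""
    return detect_abnormal_mints(SAMPLE_LOGS, supply_before=1_000_000 * UNIT,
                                 max_supply=1_050_000 * UNIT, allowed={TREASURY},
                                 window_blocks=50, window_limit=1_000 * UNIT)

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The same three checks belong on-chain as well: a restricted minter role and a hard supply cap enforce what this monitor can only report after the fact.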
Source: https://tintucbitcoin.com/kinto-lianchuang-mat-155-trieu-usd/