12. Oktober 2020

WLEO project hacked for $42,000 through Uniswap

The WLEO contract was hacked on Sunday night (11), resulting in $42,000 in stolen funds. The hacker stole Ethereum (ETH) from the Uniswap pool by generating WLEO for himself and exchanging it for Ethereum.

„From what I’ve heard, this happened to many other pools at Uniswap. The contract/address to issue the token is exposed and then someone takes the opportunity to generate infinite tokens and pull the Uniswap pool to steal the Ethereum,“ Khaleel Kazi, founder of the LEO Finance community, said in a report on the hack.

WLEO is a weapped version of the LEO token, which runs in the Hive’s blockchain. The price of WLEO is tied to the LEO token, but as it works in the Ethereum blockchain, it can be used in smart contracts and has access to the wider Ethereum ecosystem. The price of LEO has dropped by approximately 60% as a result of the hack – but has since recovered to its current price of $0.146.

While the hack was taking place, WLEO users were quick to notice false transactions taking place and responded by quickly removing 50% of the pool’s liquidity within an hour. Within hours, more than 75% of the liquidity was removed from the pool, limiting the returns the hacker could have.

Also read
96% of total DeFi transactions take place on Ethereum
US$ 1.5 billion in bitcoin are locked in tokens on the Ethereum network
Ethereum transaction fees fall 85% three weeks after historical maximum
Since then, the hacker, whose address is known, would have transferred Ethereum to Binance using anonymous accounts, making it almost impossible to trace the stolen funds.

„Binance has been contacted, but there may be nothing they can do, as the hacker seems to have used accounts without kyc to receive ETH,“ added Kazi.

It is still unclear how the hacker was able to carry out the theft. According to Kazi, the exploit doesn’t seem to be the WLEO oracle fault, which allows the blockchain to interact with real world data or out of jail.

„This reduces to just a few possibilities of how they exposed the WLEO contract. We’ll disclose more details as we continue to investigate and restrict further,“ Kazi said.