An unknown token called SKYWARD, native to the Skyward Finance platform, has lost 95% of its value since Wednesday. According to the protocol’s developer team, the network suffered an exploitation that resulted in the loss of US$ 3 million, about 15 million at the current price. The attack took place in the early hours of Wednesday, as reported by the Twitter user. Sanket Naikwadi. He was the first to report the exploit, as Skyward was unaware of the attack. Only after six hours of Naikwadi’s tweet did the Skyward team officially publicize the attack on their social media. The developers blocked the affected contract and asked users not to move funds in the protocol. Skyward Finance is a decentralized finance network running on the Near Protocol (NEAR) blockchain. Before the attack, the SKYWARD token was worth around R$70, but its price dropped to R$3.06 shortly after the attack was confirmed.
SKYWARD price plummets after hacker attack. Source: CoinGecko.
understand the attack
According to Naikwadi, the exploration was first noticed by NearScout, a member of the Near community. Because of a flaw in one of the protocol’s contracts, the attackers were able to make multiple withdrawals with a single transaction. Firstly, the hackers bought SKYWARD tokens in large quantities from Ref Finance, a decentralized exchange (DEX) on the NEAR protocol. Then they redeemed the tokens through Skyward’s treasury. With this redemption, users receive NEAR in exchange for the DeFi tokens they hold. But because of the flaw, the hackers received more NEAR tokens than their SKYWARD was worth. The attackers repeated the process several times until they rescued all the wrapped tokens from NEAR (wNEAR). These wNEAR were part of Skayward’s treasury, which was fully looted. In total, the hackers took 1.1 million wNEAR, which corresponds to the R$ 15 million stolen. Read also: MATIC price rises 17% after whales break transaction record
Skyward blocks smart contract
Naikwadi said he alerted Skyward Finance and Ref Finance about the attack and advised SKYWARD token holders to redeem or exchange their tokens quickly. Also, the developer advised people not to transact on Skyward Finance. Six hours after the Naikwadi update, Skyward Finance officially informed users about the attack. However, the team only repeated the developer’s instructions, asking users not to interact with the protocol. Then the team blocked the contract affected by the attack. “Contracts are fully locked, which means no one can pause or prevent future issues with the $SKYWARD token – not even us. We recommend that users withdraw their funds safely where they can and that the community no longer interacts with Skyward,” the team said.
SKYWARD 95% token dumps
Skyward also noted that past and current token sales were unaffected by the attack. The protocol told users who hosted or participated in token sales not to worry as they could safely withdraw their funds. However, SKYWARD collapsed 95% shortly after the attack and did not recover. Even with a 47% increase this Friday (4), the token still has less than 10% of the value it had before the invasion. Meanwhile, this is the third attack reported in November, the first and largest being against derivatives exchange Deribit. As reported by CriptoFácil, the platform lost BRL 142 million after hackers attacked its online wallet.
