Detail Analysis

Date: May 14, 2022

Status: Verified

Count: 1

Contributor: zerofriction.io

Loss Amount: 18,000

Recovered Amount: -

Currency: Dollars

KYC By: None

Audit By: None

Key Indicators

Platform: Fantom

Type: Protocol

Category: Staking

Method: Front-end Vulnerabilities

Extended Method: Loss of access control, front-end manipulation, and redirect of funds

Data Sources:

The SpiritSwap protocol adds incentives for Fantom network participants by introducing revenue sharing through the classic AMM model. The project provides a platform for trading, staking, and farming.

The project reported that the hacker managed to exploit GoDaddy, hijacked the domain, copied the codebase, and in the process changed the swap parameters. In essence, the hacker created a fake UI (using the old site) that sends swaps to his wallet. The project is unable to take down the site because it does not have access to it, and it is working with GoDaddy to regain control of the domain.

This is the fourth known attack of this type in our database so far this year. We checked the domain record, and it appears that the domain was hijacked on 2022-05-13T19:20:30Z. Unfortunately, more than 14 hours have passed since the status update and the malicious site is still up.

https://twitter.com/Spirit_Swap/status/1525238425468964864?s=20&t=zQJWp9ajCkZBCVYA7IBV-w

DISCLAIMER: While Zero Friction LLC has used its best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to its accuracy or completeness, and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose.

Under no circumstances shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.