With “Hacktober” ending in a few days, yet another crypto platform has been added to the list of crypto protocols that have lost millions of dollars worth of digital assets to hackers this month.
Earlier today, cryptocurrency vesting platform Team Finance announced it had become the latest victim after losing $14.5 million to a bug exploit. The platform added that the attackers stole the digital assets through its recently audited v2 to v3 migration function.
Team Finance has temporarily suspended all activities on the platform to prevent further attacks. The project is now hoping that the hackers will get in touch to discuss a bounty payment and refund the stolen funds.
“We have just been alerted of an exploit on Team Finance. We are currently unsure of the details. We urge the exploiter to get in contact with us for a bounty payment. We are working to analyze and remedy the situation at this very moment. More details to follow,” the platform said.
Team Finance describes itself as “the industry leader in project security and automation.” The platform offers several token vesting services, including token locks, liquidity locks, token generation, and vesting schedules.
Team Finance’s $14.5 million exploit adds to over $700 million that has been lost to cyber attacks this month alone. The first two weeks of October saw the most hacks as several decentralized finance (DeFi) platforms lost significant amounts in 11 different exploits.
The attacks started with decentralized exchange (DEX) Transit Swap losing nearly $23 million after a bug in its code was exploited. Although the project retrieved a large chunk of the stolen funds after intense negotiations, most of the hacked platforms were not lucky enough to get a refund from their attackers.
On October 6, hackers exploited BNB Chain, one of the largest blockchain networks, siphoning millions of dollars worth of crypto assets. A few days later, DeFi derivatives platform Mango Markets lost over $100 million through an oracle price manipulation.
Last week, crypto wallet provider BitKeep Wallet lost $1 million worth of assets after an attacker exploited a vulnerability in the platform’s swap feature.
UPDATE
CryptoPotato has reached out to the team to find out how the situation unfolded and the way it was handled. As part of its official response, the team said:
First and most importantly, all affected clients got the vast majority of their funds back.
Since the incident, TrustSwap has made many changes to mitigate the chances of this ever happening again.
These include but are not limited to:
- Replacing our previous auditor with Certik
- Engaging with multiple audit firms to get second and third opinions regarding the situation and validation of our fixes for the technical issue (Removal of the migrate function);
- Performing a vast array of internal system and process audits to verify no similar exploits are possible;
- Enhancing our internal software development QA processes;
- Beefing up our backend system architecture;
- Implementing system-wide, third-party software security enhancements;
As always, our customers remain our number one priority.
Team Finance has stayed secure after the incident and remains a Web3 software leader in the token management space (token generation, locks, liquidity locks, vesting, and much more).