The Shido blockchain, a layer-1 proof-of-stake project, has been hit by an exploit that saw billions of its native token, Shido, siphoned away.
This incident led to the Shido token plummeting by 94% in value within just 30 minutes.
According to reports from blockchain security firm PeckShield, the attack resulted in the loss of over 4.3 billion Shido tokens. This accounted for nearly half of its circulating supply, which had a value of approximately $35 million before the price collapse.
The exploit was first brought to light by PeckShield, who alerted its followers in a Feb. 29 X post detailing how an attacker managed to gain control of Shido’s Ethereum staking contract. Subsequently, the exploiter transferred the contract to another address, where it was then upgraded with a hidden function enabling the withdrawal of staked tokens.
According to its website, Shido, an Ethereum-based ERC-20 token, offers investors the opportunity to stake their coins on the project’s decentralized exchange (DEX) and earn an 8% annual yield. It had been gearing up for its mainnet launch, with an announcement set for the week following the attack.
In the aftermath of the exploit, Shido’s token price has recovered slightly and sits currently at $0.002056, down by 74.6% within the last 24 hours, according to CoinGecko data.
ZachXBT, an on-chain investigator, disclosed that the attacker’s address was first funded with crypto bridged from Layerswap, a cross-chain protocol, and then from the Arbitrum blockchain.
They also claimed to have identified the real identity of the wallet owner responsible for funding the exploiter. However, this individual also appeared to have fallen victim to hacking, as their assets were swiftly transferred before being used to fund the attack.
Another user, known as “Wazz,” also shed light on the exploit’s funding mechanism, noting that the attacker used multiple bridges to carry out the exploit. They stated that despite efforts to track the stolen funds, it seems the trail went cold, prompting warnings against purchasing Shido tokens while the attacker still retains control of a large portion of them.