News

Skyward Finance exploit leads to $3 million loss, decoding details

Published

on

Source: Unsplash

Barely three days into the month of November and the crypto space has already seen multiple hacks. The exploit carried out on Skyward Finance has become the latest addition to this month’s string of hacks.

Skyward Finance is a fully permissionless open-source launchpad on the NEAR protocol. The firm revealed earlier on 3 November that it had fallen victim to a multi-million dollar contract exploit. 

More on the hack

The attack was first brought to light by Sanket Naikwadi on Twitter, who is a member of Aurora Labs. Naikwadi tweeted that Sky Finance had been exploited for 1.1 million NEAR tokens, which are currently worth $3.3 million. 

The perpetrator began by buying lots of SKYWARD tokens on Ref.finance. These tokens were then redeemed through the treasury on Skyward Finance. “looking at txn it seems he passed multiple arguments in a single txn. so for every extra passed value, he got extra redemption without having SKYWARD Tokens.” Naikwadi stated. 

This process was repeated until the treasury was completely drained of all wrapped NEAR tokens. 

The Skyward team was quick to respond once it was alerted, but given that these contracts are locked, there was nothing they could do. 

When the dust settled, the Skyward Treasury was empty and the SKYWARD token was worth next to nothing. Data from

CoinGecko showed that the token lost more than 95% of its value since the exploit took place. 

As for NEAR protocol, data derived from DeFi Llama revealed that its total value locked (TVL) plunged by almost 6%.

Skyward Finance has clarified that previous and current token sales were unaffected by this exploit. All the users have been urged to withdraw their funds and refrain from interacting with the platform. 

The month of November has only just begun and the crypto space has already lost more than $33 million to exploits and hacks. Skyward’s exploit comes just a day after crypto exchange Derbit had its hot wallet compromised which led to a loss of $28 million.