Base project RocketSwap has shared an emergency plan with users as it looks to recover from a brute force hack that saw the protocol lose around 471 ETH, valued at around $865,000, on the 14th of August.
The team behind the project also plans on reaching out to the hacker.
The Emergency Plan
The team at RocketSwap explained in a post on X on the 15th of August, stating that they planned to redeploy a new farm contract, following which it would be open-sourced on-chain. The team stated that they would also be relinquishing mining rights, mostly of RCKT, and also reach out to the hackers in an attempt to negotiate a return of the stolen assets, This approach was taken by Curve, and several other decentralized protocols following the Curve exploit.
“The emergency programme agreed upon by the team is as follows. We plan to redeploy a new farm contract by dropping the proxy contract and open-sourcing it on-chain. The new farm will advance the production reduction plan by 0.075 per block. The team relinquishes minting rights and retains only low-risk rights to allocate new pools. Locked initial liquidity and 80k tokens will be extended for 1 year. The team will continue to roll out LaunchPad, with further updates planned. Telegram groups will be reopened after stabilization. Call on hackers to return assets to victims.”
The RocketSwap Hack
On the 14th of April, a hacker managed to steal around 471 ETH, bridging it from Base to Ethereum. The activity was flagged by blockchain security firm PeckShield. The hacker then created 90 trillion LoveRCKT tokens before transferring them to Uniswap, along with 400 of the 471 ETH initially stolen. PeckShield detailed the hack in a post on X, stating,
“#PeckShieldAlert The @RocketSwap_Labs exploiter has grabbed ~471 $ETH and bridged them from #Base to #Ethereum, and then created the token $LoveRCKT, the exploiter already supplied 90T $LoveRCKT and 400 $ETH to #Uniswap.”
RocketSwap eventually confirmed the news on the same day, with PeckShield and another blockchain security firm, CertiK, providing additional details about the hack a few hours later. The attack was attributed to a brute force attack on RocketSwap’s server, with the protocol stating,
“As a result of the team’s investigation, We are sorry to inform you that the team needed to use offline signatures when deploying the launchpad and put the private keys on the server. A brute force hack of the server was detected, and due to the proxy contract used for the farm contract, there were multiple high-risk permissions that led to the transfer of the farm’s assets. We shut down the farm to prevent further damage. The team is currently working on an emergency plan, and the Telegram group has been banned for the time being. The loss of farm assets is only a concern, DEX is not affected in any way.”
Growing Headaches On Base
Coinbase’s layer-2 blockchain Base has faced several issues since commencing operations. LeetSwap, a leading decentralized exchange on the Base blockchain, suspended trading operations after flagging a security vulnerability in their factory, leading to the suspicion of compromised pool liquidity. The pause was done so that the team could investigate the issue further. PeckShield reported that around 340 ETH was exploited from liquidity pairs on Base, showing the gravity of the prevailing situation.
Prior to the pause in trading by LeetSwap, the BALD memecoin suffered a significant drop in value. The crash occurred after the token’s developer withdrew 6800 ETH, valued at around $12.5 million, from the liquidity pools on LeetSwap, raising several eyebrows and compounding the list of issues faced by LeetSwap. Furthermore, Coinbase is also dealing with its own set of regulatory challenges after finding itself as a target of the United States Securities and Exchange Commission (SEC). The Securities and Exchange Commission has ordered Coinbase to stop all crypto trading, except for that of Bitcoin. When Coinbase questioned the decision made by the regulatory body, Coinbase filed a lawsuit against the exchange.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source:https://cryptodaily.co.uk/2023/08/rocketswap-outlines-emergency-plan-following-865000-exploit