DeFi hacks and rug pulls have become common by the day.
FinNexus, a decentralised finance [DeFi] options platform, was the most recent victim of a malicious entity’s exploit. While FinNexus has yet to publish a post-mortem report, the firm has cautioned users to withdraw their funds from the pools.. Its tweet regarding the same read,
“We regret to inform our traders and investors that the FinNexus erc20 contract appears to have been hacked. For safety reasons please withdraw your funds from the pools. The team is working on this issue and we will provide updates as they become available.”
The platform’s claims of the event being a smart contract hack was rebuffed by popular DeFi analyst and researcher, Chris Blec who speculated that either this is a case of a stolen admin key or was used maliciously by a team member.
What exactly happened with the DeFi Platform?
After digging deeper, another DeFi research analyst Igor Igamberdiev observed that FinNexus [FNX] contract deployer changed the token owner to some address on both Ethereum [ETH] as well as Binance Smart Chain [BSC] network. This address reportedly minted 323 million FNX [which was worth around $6M] on Ethereum and 60 million FNX [approximately $1.6 million] on Binance Smart Chain.
Following the minting, the attacker started dumping coins. In total, the decentralized options platform incurred a loss of $7.6 million.
So now the community was left wondering if this was a case of rug pull or stolen private key and FinNexus is yet to provide a conclusive report on the same.
Following the development of the exploit, the DeFi platform’s native token, FNX, crashed by more than 90% in the last 24-hours. Before the exploit, it was trading above $0.3 however, its price went on a downward spiral to a new low of $0.062, at press time. The crash could be attributed to the fact that a major portion of FinNexus’ token collateral was liquidated during the attack.