Stader’s NearX smart contract bug was exploited. $NEAR, the native token of Stader, dropped by 99.8%, PeckShieldAlert reports. Around $830K worth of liquidity in NearX pools was stolen, while staked Near remains safe. Users are unable to stake, unstake, or withdraw while the team investigates the case.
A small bug within a blockchain network or platform can cost millions of dollars. Almost every hacker or scammer is on the alert for loopholes they can exploit to steal digital assets.
As Web3 expands, security concerns are increasing day by day. Furthermore, the lack of regulation from government regulators makes it worse, because people can easily escape the radar of investigations due to insufficient laws.
On August 16, yet another Web3 platform was exploited due to an existing bug.
Stader NearX smart contract bug exploit
According to the Stader team, the NearX smart contract contained a bug that was exploited by the attackers. The malicious hackers attacked the smart contract and drained out NearX tokens, limited to the liquidity on DEXs.
In other words, the hack actually happened on Stader’s liquidity staking, which is the NearX token on Ref Finance and Jumbo decentralized exchanges.
When the attack happened, the platform immediately paused the smart contract to prevent users from staking, unstaking, or withdrawing funds from their wallets. This decision was made to protect consumers from losing their digital assets in the exploit.
The team spent hours fighting the exploit and recovering the stolen funds. Later, Stader on Twitter gave an update on the situation, saying that it had recovered “Staked $NEAR on NearX dapp with validators”. Additionally, the exchange rate on the dapp is also intact now.
To explain it better, the exploit took place on the liquidity pools of NearX tokens, and the already staked Near tokens were completely safe and distributed to the validators.
The reported damage to the LPs was 165K $NEAR, which is around $830,000.
Beosin Alert explains how the attacker exploited the bug: “The attacker ‘gregoshes.near’ first deposited 82 $Near to get 79 $Nearx. Then he exploited a Reentrancy vulnerability in the nearx.stader-labs.near contract’s batch_transaction function.”
The attacker repeatedly transferred the 79 NearX to himself and gathered a huge amount of NearX, which was then exchanged for Near tokens.
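The bug class Beosin names, reentrancy, as an added toy model in Rust (not the NearX contract's code, whose details this article does not give): a transfer that runs receiver-controlled code before writing the debit lets a nested call spend the same 79 tokens twice, while writing balances first stops it. The `Ledger` type, the account names and the `hook` callback are assumptions made for the illustration.

```rust
use std::collections::HashMap;

/// Toy token ledger: a constructed model, not the NearX contract.
struct Ledger {
    balances: HashMap<&'static str, u128>,
    total_supply: u128,
}

impl Ledger {
    fn new(owner: &'static str, amount: u128) -> Self {
        Ledger { balances: HashMap::from([(owner, amount)]), total_supply: amount }
    }

    fn balance(&self, who: &str) -> u128 {
        self.balances.get(who).copied().unwrap_or(0)
    }

    /// Invariant worth asserting in tests and monitoring: balances sum to supply.
    fn supply_ok(&self) -> bool {
        self.balances.values().sum::<u128>() == self.total_supply
    }

    /// `hook` stands in for receiver-controlled code invoked during a transfer.
    fn transfer(&mut self, from: &'static str, to: &'static str, amt: u128,
                effects_first: bool, hook: &dyn Fn(&mut Ledger)) -> bool {
        let cached = self.balance(from);
        if cached < amt { return false; }
        if !effects_first { hook(&mut *self); } // flawed: callback runs before the debit
        self.balances.insert(from, cached - amt); // stale `cached` if hook re-entered
        *self.balances.entry(to).or_insert(0) += amt;
        if effects_first { hook(&mut *self); } // hardened: state is final before callback
        true
    }
}

/// One nested re-entry of a 79-token transfer; returns (receiver balance, invariant holds).
fn run(effects_first: bool) -> (u128, bool) {
    let mut ledger = Ledger::new("depositor", 79);
    let noop = |_: &mut Ledger| {};
    let reenter = |inner: &mut Ledger| {
        inner.transfer("depositor", "receiver", 79, effects_first, &noop);
    };
    ledger.transfer("depositor", "receiver", 79, effects_first, &reenter);
    (ledger.balance("receiver"), ledger.supply_ok())
}

fn main() {
    println!("callback before debit: {:?}", run(false));
    println!("debit before callback: {:?}", run(true));
}
```

With the callback ahead of the debit the receiver ends up holding twice what was deposited and the supply invariant fails; with balances written first the nested call is rejected by the balance check.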
$NEAR drops 99.8%
Following the news of the exploit, the NEAR token dropped drastically, by 99.8%, as reported by PeckShieldAlert.
According to CoinGecko, the token had previously been trading at $1.71 and dropped to $0.00354114, with a 24h trading volume of $7M at the time of writing.
Stader has announced they will be cracking down on the attacker by partnering with security firms.
“Stader is working with security experts to investigate this thoroughly. We are exploring all options to recover user funds. Our developer & security teams are working to resolve this. We will share further updates soon,” the official statement reads.
On the other hand, Stader has paused the Near smart contract.