Hack Alert - SHIDO Exploited For $35M
What Happened?
The token for the layer-1 blockchain Shido plummeted by as much as 94% today (29th Feb 2024) due to an exploit on its Ethereum-based staking contract.
Blockchain security firm PeckShield alerted its followers to the drop and explained that an exploiter transferred the blockchain’s Ethereum staking contract to another address, then upgraded the contract with a hidden function to withdraw staked tokens.
The attacker managed to withdraw over 4.3 billion Shido tokens, nearly half of the almost 9 billion circulating token supply, worth around $35 million before the price drop.
Pseudonymous on-chain researcher ZachXBT discovered that the exploiter's address was funded through crypto first bridged from the cross-chain protocol Layerswap and then from the Arbitrum blockchain.
ZachXBT also found the real identity of the wallet owner that funded the exploiter, suggesting they too were hacked as their assets were suddenly transferred before funding the exploiter.
Shido, a layer-1 proof-of-stake blockchain set to launch its mainnet soon, offers an Ethereum-based ERC-20 token called SHIDO, which could be staked on the project's connected decentralized exchange (DEX) to earn an 8% annual yield.
What Could I Have Done To Protect Myself As A Crypto User?
Given that the exploit on Shido's Ethereum-based staking contract appears to be primarily a development issue, there are limited actions end users could have taken to prevent it. However, users can still exercise caution by thoroughly researching and vetting projects before investing, paying attention to security audits and reviews of smart contracts, and being wary of platforms that lack transparency or have a history of security vulnerabilities.