Shido Smart Contracts Exploited Leading to $35M in Losses

by BSC News

February 29, 2024


Security firm PeckShield revealed that the attacker successfully transferred the staking contract to a new address, enabling the withdrawal of over 4.3 billion Shido tokens, nearly half of the circulating supply.

Shido, the layer-1 blockchain, has fallen victim to a devastating exploit that has resulted in a staggering loss of $35 million. 

The attacker successfully transferred Shido's Ethereum staking contract to a new address, according to PeckShield. Subsequently, the contract was upgraded with a concealed function that allowed the exploiter to withdraw staked tokens. 

The aftermath? A staggering 4.3 billion Shido tokens, equivalent to nearly half of the circulating supply, were stolen.

The 4.3 billion tokens, before the hack, held a valuation of approximately $35 million. However, in a mere 30 minutes following the attack, Shido witnessed a jaw-dropping 94% drop in its token value, leaving investors reeling from the unforeseen financial blow.

Analyzing the Attack 

Pseudonymous on-chain researcher ZachXBT dug into the origins of the exploit, revealing a multi-faceted attack chain. The exploiter's address was initially funded through crypto sourced from the cross-chain protocol Layerswap. 

The breach became more complex when funds were channeled from the Arbitrum blockchain. ZachXBT claimed to have identified the real identity of the wallet owner responsible for funding the exploiter. Yet, this entity, too, seemed to have fallen victim to hacking, as their assets were mysteriously transferred before funding the exploit.

Shido's Standing

Shido, a layer-1 proof-of-stake blockchain, had been on the brink of launching its mainnet, with an announcement scheduled for the upcoming week, as stated in its Feb. 24 post. 

In recent updates, the protocol acknowledged the exploit and it is working on a solution to resolve it.

The exploit, however, casts doubt on these plans, raising questions about the platform's security and readiness.

Shido's hack adds to recent alarming statistics of crypto-related hacks. According to Certik, there were over 600 such incidents in the past year, resulting in losses amounting to $1.84 billion. However, this marks a significant 51% decrease from the previous year's total of $3.7 billion.

Related News