Stader Labs Hit by $800K+ Exploit

NearX Smart Contract Exploit

A hacker recently exploited Stader Labs’ NEAR liquid staking pool, using vulnerabilities in its NearX smart contract to steal more than $800,000 worth of funds.

During the incident, which occurred on Aug. 16, the attacker “gregoshes.near” stole up to 165,000 $NEAR (currently trading at about $5.10 per token). However, it didn’t affect users who staked $NEAR on Stader’s Decentralized Application (dApp). Instead, it affected $NEAR liquidity in the NearX/Near liquidity pool, according to Stader’s statement on Aug. 17.

“The ~ 2.5Mn $Near staked on the Stader dApp is completely secure with the validators, and the attack had no impact on it. The losses pertain largely to the $Near liquidity in the LPs,” Stader wrote.

The attacker took advantage of a bug associated with minting NearX and minted 20 million $NearX tokens. Further, the hacker transferred the minted tokens to his/her wallet without any $NEAR token staked against it.

The attacker later drained all $NEAR liquidity from NearX/Near liquidity pools in Stader’s supported Decentralized Exchanges (DEX), Ref Finance, and Jumbo Exchange. This was done by swapping the minted $NearX tokens for $NEAR. The team’s quick intervention to contain the exploit by pausing all $NearX transactions ensured that users’ funds were unaffected.

Stader will cover the total losses incurred in the Near/NearX pool. The protocol is also making positive moves to ensure that a similar incident does not resurface. One of them is launching a bug bounty program in partnership with Immunefi to detect more bugs on NearX smart contracts.

Read the Stader publication to learn more about the incident plus plans to avoid more vulnerabilities.

What Is Stader Labs:

Stader Labs was founded in April 2021 by Amitej Gajjala, Sidhartha Doddipalli, and Dheeraj Borra. It specializes in cryptocurrency stake management. Stader plans to use decentralized financial protocols and applications to manage stakes efficiently on public blockchain networks. Currently, the company's staking product is available on Hedera, Polygon, Fantom, Terra 2.0, BNB and Near blockchains. Stader plans to extend its support to Solana, Ethereum and Cosmos soon.

Stader Labs raised $12.5 million this January in a strategic private sale, raising their valuation to $450 million. Stader Labs is backed by Pantera Capital, Coinbase Ventures, Jump Capital, Accomplice, Accel, Huobi Ventures, Hypersphere, and True Ventures, among others.

Where to find Stader Labs:

Website | Twitter | Medium | Telegram | Discord

Don’t forget to download the BSC News mobile application on iOS and Android to keep up with all the latest news for BNB Chain and crypto!

Follow us on Twitter and Instagram!

If you need tools and strategies regarding safety and crypto education, be sure to check out the Tutorials, Cryptonomics Explainers, and Trading Tool Kits from BSC News.

Check out the Web3Wire Linktree to keep up with all relevant Web3 and Crypto!

Looking for a job in crypto? Check out the CryptoJobsNow!