{"id":1,"date":"2022-11-04T13:38:00","date_gmt":"2022-11-04T13:38:00","guid":{"rendered":"https:\/\/odwstage.com\/omniatech\/?p=1"},"modified":"2023-05-21T21:32:39","modified_gmt":"2023-05-21T21:32:39","slug":"team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty","status":"publish","type":"post","link":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/","title":{"rendered":"Team Finance Exploited for $14.5M. Attacker Keeps 10% as a Bug Bounty"},"content":{"rendered":"<p>On October 27th, DeFi project Team Finance <a href=\"https:\/\/twitter.com\/TeamFinance_\/status\/1585562380591063043\">announced<\/a> that it had just been alerted to an exploit on its protocol. The team said it was investigating the incident and \u2018working to analyze and remedy the situation.\u2019 It also asked the exploiter to contact it about a potential bug bounty payment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Attacker Used 1.76 ETH ($2,700) To Steal Funds Worth $14.5M<\/h2>\n\n\n\n<p><a href=\"https:\/\/twitter.com\/peckshield\/status\/1585587858978623491\">An initial analysis<\/a> by blockchain security firm PeckShield revealed that the attacker targeted liquidity tokens under the custody of Team Finance. The drained assets included CAW (A Hunters Dream), Dejitaru Tsuka (TSUKA), Kondux, and Feg.<\/p>\n\n\n\n<p>Team Finance estimated that $14.5 million was lost, with PeckShield providing an additional estimate of $15.8 million. 
Most of the stolen funds were CAW tokens worth $11.5 million.<\/p>\n\n\n\n<p>In addition, the PeckShield team stated that the attacker used 1.76 Ethereum, worth around $2,700, withdrawn from <a href=\"https:\/\/twitter.com\/FixedFloat\">FixedFloat<\/a>, to carry out the attack. The attacker used the funds to transfer liquidity from Uniswap v2 assets on Team Finance to \u2018an attacker-controlled new V3 pair with skewed pricing.\u2019 This resulted in the attacker earning a significant profit after completing the process.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The V2 Code Had Been Audited by a Reputable Firm &#8211; Team Finance<\/h2>\n\n\n\n<p>A day after the exploit, Team Finance <a href=\"https:\/\/twitter.com\/TeamFinance_\/status\/1585770918873542656\">issued a statement<\/a> breaking down the events that led to the exploit. The team explained that the attacker had managed to exploit the audited Uniswap v2 to v3 migration function of its protocol. Within an hour of the breach, Team Finance had identified the issue and paused all protocol functions.<\/p>\n\n\n\n<p>The team added that the exploited contract had been audited by \u2018a reputable audit firm\u2019 and that the exploit was not due to \u2018any contract upgrade\u2019 by the team. It reiterated that all other contracts, functions, and assets on Team Finance were safe.<\/p>\n\n\n\n<p>As for resolving the situation, Team Finance stated that it was working with \u2018several established security, audit, and blockchain investigation companies to assist with\u2019 solving the issue. It had also initiated contact with the exploiter to discuss a possible resolution. 
As an additional precaution, the exploiter\u2019s wallet had been blacklisted on Etherscan, and crypto exchanges had been contacted about it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Attacker Returns $7M of the Stolen Funds, Decides to Keep 10% as a Bug Bounty<\/h2>\n\n\n\n<p>In a turn of events, blockchain security firm SlowMist <a href=\"https:\/\/twitter.com\/SlowMist_Team\/status\/1586912663929556992\">reported<\/a> on October 31st that the attacker had started returning funds to the projects affected by the exploit. At that time, the attacker had returned $7 million of the stolen tokens and had decided to keep 10% of the funds as a bug bounty for exposing the vulnerability in Team Finance\u2019s code.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A Possible New Trend of \u2018Whitehat\u2019 Hackers Exploiting DeFi Protocols for a Bounty<\/h2>\n\n\n\n<p>Notably, the Team Finance exploit followed a similar pattern to the Mango Markets attack in mid-October, whereby a hacker <a href=\"https:\/\/twitter.com\/mangomarkets\/status\/1579979342423396352\">manipulated<\/a> the price of MANGO using $10 million in initial capital and ended up draining $114 million from the DeFi platform.<\/p>\n\n\n\n<p>The attacker later came clean after returning $67 million of the stolen funds and keeping $47 million as a bug bounty for revealing the vulnerability on Mango Markets. The refund and bounty were the result of a governance proposal on MangoDAO initially suggested by the attacker.<\/p>\n\n\n\n<p>Such hacking incidents were why FTX\u2019s founder and CEO, Sam Bankman-Fried, had suggested a cap on bug bounties to limit their impact on the digital asset ecosystem.<\/p>\n\n\n\n<p>Mr. Bankman-Fried <a href=\"https:\/\/archive.fo\/O0onZ\">had proposed<\/a> that bug bounties be capped at either $5 million or 5% of the amount stolen, whichever was smaller. 
<a href=\"https:\/\/www.ftxpolicy.com\/posts\/possible-digital-asset-industry-standards\">His proposals<\/a> aimed to provide some set of standards in the crypto industry \u2018to create clarity and protect customers while waiting for full federal regulatory regimes.\u2019&nbsp;&nbsp;&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\">3<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span> On October 27th, DeFi project Team Finance announced that they had just been alerted about an exploit on its protocol. They said they were investigating the incident and \u2018working to analyze and remedy the situation.\u2019 They also requested the exploiter to contact them for a potential bug bounty payment.&nbsp; Attacker Used 1.76 ETH ($2,700) To [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":142,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[42],"tags":[16,11,7,12,14,15,17,10,6,13,8,5,9],"class_list":["post-1","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web3","tag-bitcoin","tag-blockchain","tag-crypto","tag-cryptocurrency","tag-data","tag-decentralization","tag-hack","tag-privacy","tag-regulations","tag-security","tag-technology","tag-wallets","tag-web3"],"acf":[],"wbAuthor":{"name":"Omnia Team","link":"https:\/\/omniatech.io\/pages\/author\/omniaprotocol\/"},"wbDate":"Nov 4, 2022","wbCategories":{"space":"<a href=\"https:\/\/omniatech.io\/pages\/category\/web3\/\" rel=\"category tag\">Web3<\/a>","coma":"<a href=\"https:\/\/omniatech.io\/pages\/category\/web3\/\" rel=\"category tag\">Web3<\/a>"},"wbComment":110,"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - 
https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Team Finance Exploited for $14.5M. Attacker Keeps 10% as a Bug Bounty<\/title>\n<meta name=\"description\" content=\"An attacker used 1.76 ETH ($2,700) to steal $14.5m using a Uniswap V2 to V3 vulnerability. Team Finance has seen $7m returned, but the attacker will keep 10%. How it happened?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Team Finance Exploited for $14.5M. Attacker Keeps 10% as a Bug Bounty\" \/>\n<meta property=\"og:description\" content=\"An attacker used 1.76 ETH ($2,700) to steal $14.5m using a Uniswap V2 to V3 vulnerability. Team Finance has seen $7m returned, but the attacker will keep 10%. 
How it happened?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/\" \/>\n<meta property=\"og:site_name\" content=\"OMNIA\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-04T13:38:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-21T21:32:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"5001\" \/>\n\t<meta property=\"og:image:height\" content=\"2814\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Omnia Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Omnia Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/\",\"url\":\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/\",\"name\":\"Team Finance Exploited for $14.5M. 
Attacker Keeps 10% as a Bug Bounty\",\"isPartOf\":{\"@id\":\"https:\/\/omniatech.io\/pages\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1.png\",\"datePublished\":\"2022-11-04T13:38:00+00:00\",\"dateModified\":\"2023-05-21T21:32:39+00:00\",\"author\":{\"@id\":\"https:\/\/omniatech.io\/pages\/#\/schema\/person\/5265002cadcebfc0cfca31054160d57d\"},\"description\":\"An attacker used 1.76 ETH ($2,700) to steal $14.5m using a Uniswap V2 to V3 vulnerability. Team Finance has seen $7m returned, but the attacker will keep 10%. How it happened?\",\"breadcrumb\":{\"@id\":\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#primaryimage\",\"url\":\"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1.png\",\"contentUrl\":\"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1.png\",\"width\":5001,\"height\":2814},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/omniatech.io\/pages\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Team Finance 
Exploited for $14.5M. Attacker Keeps 10% as a Bug Bounty\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/omniatech.io\/pages\/#website\",\"url\":\"https:\/\/omniatech.io\/pages\/\",\"name\":\"OMNIA\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/omniatech.io\/pages\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/omniatech.io\/pages\/#\/schema\/person\/5265002cadcebfc0cfca31054160d57d\",\"name\":\"Omnia Team\",\"url\":\"https:\/\/omniatech.io\/pages\/author\/omniaprotocol\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Team Finance Exploited for $14.5M. Attacker Keeps 10% as a Bug Bounty","description":"An attacker used 1.76 ETH ($2,700) to steal $14.5m using a Uniswap V2 to V3 vulnerability. Team Finance has seen $7m returned, but the attacker will keep 10%. How it happened?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/","og_locale":"en_US","og_type":"article","og_title":"Team Finance Exploited for $14.5M. Attacker Keeps 10% as a Bug Bounty","og_description":"An attacker used 1.76 ETH ($2,700) to steal $14.5m using a Uniswap V2 to V3 vulnerability. Team Finance has seen $7m returned, but the attacker will keep 10%. 
How it happened?","og_url":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/","og_site_name":"OMNIA","article_published_time":"2022-11-04T13:38:00+00:00","article_modified_time":"2023-05-21T21:32:39+00:00","og_image":[{"width":5001,"height":2814,"url":"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1.png","type":"image\/png"}],"author":"Omnia Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Omnia Team","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/","url":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/","name":"Team Finance Exploited for $14.5M. Attacker Keeps 10% as a Bug Bounty","isPartOf":{"@id":"https:\/\/omniatech.io\/pages\/#website"},"primaryImageOfPage":{"@id":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#primaryimage"},"image":{"@id":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#primaryimage"},"thumbnailUrl":"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1.png","datePublished":"2022-11-04T13:38:00+00:00","dateModified":"2023-05-21T21:32:39+00:00","author":{"@id":"https:\/\/omniatech.io\/pages\/#\/schema\/person\/5265002cadcebfc0cfca31054160d57d"},"description":"An attacker used 1.76 ETH ($2,700) to steal $14.5m using a Uniswap V2 to V3 vulnerability. Team Finance has seen $7m returned, but the attacker will keep 10%. 
How it happened?","breadcrumb":{"@id":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#primaryimage","url":"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1.png","contentUrl":"https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1.png","width":5001,"height":2814},{"@type":"BreadcrumbList","@id":"https:\/\/omniatech.io\/pages\/team-finance-exploited-for-14-5m-attacker-keeps-10-as-a-bug-bounty\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/omniatech.io\/pages\/"},{"@type":"ListItem","position":2,"name":"Team Finance Exploited for $14.5M. 
Attacker Keeps 10% as a Bug Bounty"}]},{"@type":"WebSite","@id":"https:\/\/omniatech.io\/pages\/#website","url":"https:\/\/omniatech.io\/pages\/","name":"OMNIA","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/omniatech.io\/pages\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/omniatech.io\/pages\/#\/schema\/person\/5265002cadcebfc0cfca31054160d57d","name":"Omnia Team","url":"https:\/\/omniatech.io\/pages\/author\/omniaprotocol\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1.png",5001,2814,false],"thumbnail":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1-150x150.png",150,150,true],"medium":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1-300x169.png",300,169,true],"medium_large":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1-768x432.png",768,432,true],"large":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1-1024x576.png",1024,576,true],"1536x1536":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1-1536x864.png",1536,864,true],"2048x2048":["https:\/\/omniatech.io\/pages\/wp-content\/uploads\/2023\/02\/Team20Finance20Exploit1-2048x1152.png",2048,1152,true]},"uagb_author_info":{"display_name":"Omnia Team","author_link":"https:\/\/omniatech.io\/pages\/author\/omniaprotocol\/"},"uagb_comment_info":110,"uagb_excerpt":"3 min read On October 27th, DeFi project Team Finance announced that they had just been alerted about an exploit on its protocol. 
They said they were investigating the incident and \u2018working to analyze and remedy the situation.\u2019 They also requested the exploiter to contact them for a potential bug bounty payment.&nbsp; Attacker Used 1.76&hellip;","mfb_rest_fields":["wbAuthor","wbDate","wbCategories","wbComment","yoast_head","yoast_head_json","uagb_featured_image_src","uagb_author_info","uagb_comment_info","uagb_excerpt"],"_links":{"self":[{"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/posts\/1"}],"collection":[{"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/comments?post=1"}],"version-history":[{"count":4,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/posts\/1\/revisions"}],"predecessor-version":[{"id":404,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/posts\/1\/revisions\/404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/media\/142"}],"wp:attachment":[{"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/media?parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/categories?post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/omniatech.io\/pages\/wp-json\/wp\/v2\/tags?post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}