What does an inflationary DeFi protocol do when it runs out of tokens to pay out rewards?
Well, if it's @_ThorFinancial, the team abuses a backdoor in their token contract to send burned tokens to a dev wallet.
They can use the same backdoor to steal $THOR from any holder
🧵 1/8
$THOR has a max supply of a little over 20 million, but until recently only 1 million was in circulation; the other 19 million was "burned" (sent to 0x000dEaD).
So how is it possible that the burn address sent 316,000 $THOR to a dev wallet 2 days ago? 2/8 snowtrace.io/token/0x8f4741…
Jun 24, 2022 • 9 tweets • 4 min read
A hacker stole $100 million from the bridge connecting Ethereum and @harmonyprotocol a few hours ago.
Let's explore how the #harmony bridge works and what allowed this to happen 1/9
The bridge is relatively simple - users lock tokens on the Ethereum side and a multisig mints tokens on Harmony.
When going the opposite way users burn tokens on Harmony and a multisig requiring 2 signatures unlocks tokens on Ethereum 2/9
May 19, 2022 • 11 tweets • 4 min read
$650k was lost in another cross-chain bridge hack.
This time the victims are @QANplatform and $QANX token holders.
The hacker exploited a vulnerability in the centrally operated off-chain message signer. Let's explore how that happened 1/10
The bridge smart contract was audited by @CertiK. The contract is surprisingly small for a bridge - about 100 lines of code: etherscan.io/address/0xaaa4…
The contract allows a sender to deposit $QANX on chain A and withdraw the corresponding amount of $QANX minus fees on chain B. 2/10