Skyward Finance, a launchpad built on the NEAR protocol was exploited for a total sum of about $3 Million in wrapped Near tokens.
● Skyward Finance is a launchpad based on the NEAR blockchain.
● Skyward's mission was to enable fair token distribution and price discovery on the NEAR blockchain.
● Unfortunately, Skyward Finance was exploited for about 1 million wrapped NEAR tokens, worth over $3 Million.
● The hacker was reported to have leveraged a bug in a smart contract used by Skyward Finance to maintain its treasury to carry out the attack.
At 12:21 AM WAT/UTC+1, Thursday, November 3, 2022, Skyward Finance was announced to have suffered an exploit that drained the treasury, rendering the $SKYWARD token and its treasury useless.
The attacker exploited a bug in the smart contract and went away with 1 Million wrap.near tokens in a single transaction.
Skyward Finance officials took to Twitter to inform the community that all funds of hosters and participants of sales on Skyward are not affected, adding that users can withdraw safely.
Also, Skyward Finance noted that users should withdraw funds where possible and never interact with the dapp again as the contracts are fully locked, thus, no one, not even the skyward team cannot pause or prevent future issues.
A report from @blocksecteam indicates that the exploit's root cause is in the function "redeem_skyward" used to redeem the treasury from the protocol.
At the time of writing, there have been little community reactions where some users call the hack a rug-pull from the internal team and others question the project's audition.