Exploiter Leaves IceCreamSwap Project Liquidated Making Off With Users’ Funds

Unfortunately, in the current De-Fi landscape smart contract risks are very prevalent and should always be considered. Today, an exploit left IceCreamSwap tokens useless, and the exploiter has made off with close to $1,000,000.

Introduction

After a parabolic rally on the Binance Smart Chain (BSC) we have run into our latest “bump” in the road. One of the latest PancakeSwap forks, IceCreamSwap has been hacked. This team forked the PancakeSwap code and attempted to add their own twist on the AMM, advertising that they were to provide a yield optimizer and NFT marketplace. These developments have seemed to been cut short due to an exploitation of the code, and IceCreamSwap tokens are now worthless.

‍

Rug-Pull

ICS was one of the latest BSC-based AMM’s allowing users to farm tokens by providing liquidity. This project launched early this month and was working through developments until today; the team has posted the following tweet on their Twitter:

When looking into the transaction it seems the hackers were able to make out with over 6,000 BNB or just about shy of $1 million USD. The hacker was able to exploit a weakness in the ICS code setting themselves as a developer. With these permissions, the hacker was able to create contracts that liquidated ICS. In short, this allowed the exploiter to mint and sell tokens, which were then routed to multiple different wallets. On top of this, it seems that the block reward has been dramatically increased, devaluing the token. Yesterday the circulating supply of ICream was 520,000 but today there are now over 100 trillion tokens and counting. This has left the token useless and all users who provided liquidity have lost their funds to impermanent loss.

The hackers’ wallet can be viewed here.

Smart Contract Risks

This must serve as a fair warning of the high-risk nature of De-Fi projects. While smart-contracts give developers the tool to create robust protocols, innovating traditional financial services, there are unfortunately inherent risks. These can be defined as smart contract risks; while this code allows users to develop trustless and decentralized protocols, they are not perfect. Malicious developers can leave loopholes in code to siphon users’ money. This has been the case for the latest rug-pulls on the BSC prior to ICS, where malicious developers have siphoned over 2,000,000 USD. 

In other instances, developers may not recognize a critical error in their code. This is unavoidable as nothing is ever perfect, which was the case in the Harvest Finance hack. Unnoticed structural integrity in a smart contract can be easily exploited by malicious users who find vulnerabilities in the code and ultimately steal users’ funds.

Overall, smart contract risk is a prevalent issue in the De-Fi space on both the Ethereum Network and the Binance Smart Chain. At the same time, these are not insanely common occurrences, but they ever too frequent. We have published a few guides on the BSCNews website, authored by The Ape, which help users safeguard against these instances:

How To Spot a Potential RUG — Clear signs something is sketchy

How to Keep Your Funds SAFE — MetaMask Guide

Unfortunately, in the current De-Fi landscape, smart contract risks are very prevalent and should always be considered. As the space continues to mature, we can expect to see better audits, more educational awareness, and a general increase in safety. These tools are quickly developing with a large amount of insurance and audit protocols launching to help safeguard and protect users from these occurrences. As for now, it is ever so important for users to exercise caution as there has been a numerous flow of new projects with the BSC’s recent exponential growth.

Source : bsc.news