Stader Labs Hit by $800K+ Exploit

Stader Labs will cover all losses incurred on its NEAR liquidity pools. The multi-chain liquid mining protocol also published a statement on the incident.

NearX Smart Contract Exploit

A hacker recently exploited Stader Labs’ NEAR liquid staking pool, using vulnerabilities in its NearX smart contract to steal more than $800,000 worth of funds.

During the incident, which occurred on Aug. 16, the attacker “gregoshes.near” stole up to 165,000 $NEAR (currently trading at about $5.10 per token). However, it didn’t affect users who staked $NEAR on Stader’s Decentralized Application (dApp). Instead, it affected $NEAR liquidity in the NearX/Near liquidity pool, according to Stader’s statement on Aug. 17.

“The ~ 2.5Mn $Near staked on the Stader dApp is completely secure with the validators, and the attack had no impact on it. The losses pertain largely to the $Near liquidity in the LPs,” Stader wrote.

The attacker took advantage of a bug associated with minting NearX and minted 20 million $NearX tokens. Further, the hacker transferred the minted tokens to his/her wallet without any $NEAR token staked against it.

The attacker later drained all $NEAR liquidity from NearX/Near liquidity pools in Stader’s supported Decentralized Exchanges (DEX), Ref Finance, and Jumbo Exchange. This was done by swapping the minted $NearX tokens for $NEAR. The team’s quick intervention to contain the exploit by pausing all $NearX transactions ensured that users’ funds were unaffected.

The attacker’s account with the transferred NEAR tokens

Stader will cover the total losses incurred in the Near/NearX pool. The protocol is also making positive moves to ensure that a similar incident does not resurface. One of them is launching a bug bounty program in partnership with Immunefi to detect more bugs on NearX smart contracts.

Read the Stader publication to learn more about the incident plus plans to avoid more vulnerabilities.

What Is Stader Labs:

Stader Labs was founded in April 2021 by Amitej GajjalaSidhartha Doddipalli, and Dheeraj Borra. It specializes in cryptocurrency stake management. Stader plans to use decentralized financial protocols and applications to manage stakes efficiently on public blockchain networks. Currently, the company’s staking product is available on Hedera, Polygon, Fantom, Terra 2.0, BNB and Near blockchains. Stader plans to extend its support to Solana, Ethereum and Cosmos soon.

Stader Labs raised $12.5 million this January in a strategic private sale, raising their valuation to $450 million. Stader Labs is backed by Pantera CapitalCoinbase VenturesJump CapitalAccompliceAccelHuobi VenturesHypersphere, and True Ventures, among others.

Where to find Stader Labs:

Website | Twitter | Medium | Telegram | Discord

Source :

Leave a Reply

Your email address will not be published. Required fields are marked *