Poolz Finance bolsters its security, announces a restructuring plan to shore up user safety following a token exploit
On Tuesday, hackers exploited Poolz Finance’s decentralized IDO platform and made off with $390k, just days after the $180 million Euler Finance exploit. Within hours of the attack, the Poolz team flagged the hacker’s address, and within two hours the token was no longer available for trading. Following the security incident, Poolz also disclosed a set of measures it has taken to mitigate the effects of the exploit.
Poolz Finance Hack: What Happened and What We Know
On March 15th, a hacker was able to exploit the token contract for the POOLZ vesting system. They were able to get their hands on some of the tokens that were supposed to be given to the public, and they sold them illegally. The Poolz team acted fast and made sure the token was no longer available for trading within two hours. They also put together a team to prevent any further damage from occurring and to make sure this type of attack wouldn’t happen again.
An initial analysis by blockchain security firm PeckShield found that the vulnerability was an arithmetic overflow issue, which was exploited to drain funds from the contract.
In computer programming, an arithmetic overflow occurs when a calculation produces a number too large to fit in the fixed-width integer that is meant to hold it. For example, a signed 16-bit integer has a maximum value of 32767; if you add 1 to that value, an overflow occurs and the result wraps around to a negative number, or it may cause a crash or other unexpected behavior in the program. In smart contracts, an unchecked overflow can make a total or a balance appear far smaller than it really is, which is why checks against it matter.
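The following is an added example, not code from the Poolz contract or from PeckShield's analysis. It simulates EVM-style 256-bit unsigned arithmetic (and the article's 16-bit case) in Python, with a constructed list of vesting-style amounts, to show how an unchecked sum silently wraps to a tiny value while the checked version refuses to proceed, the behaviour Solidity 0.8+ gives by reverting.

```python
# Added illustration of fixed-width integer overflow; not the Poolz vesting code.
MASK_256 = (1 << 256) - 1   # uint256 holds 0 .. 2**256 - 1
MAX_INT16 = 32767           # the article's signed 16-bit example


class ArithmeticOverflow(Exception):
    """Raised by checked arithmetic (Solidity >= 0.8 reverts in this situation)."""


def wrapping_add_u256(a: int, b: int) -> int:
    """Unchecked uint256 addition: the sum silently wraps modulo 2**256."""
    return (a + b) & MASK_256


def checked_add_u256(a: int, b: int) -> int:
    """Checked uint256 addition: refuse to continue when the sum does not fit."""
    total = a + b
    if total > MASK_256:
        raise ArithmeticOverflow(f"{a} + {b} exceeds uint256")
    return total


def wrapping_add_i16(a: int, b: int) -> int:
    """Signed 16-bit wraparound, as in the article's 32767 + 1 example."""
    total = (a + b) & 0xFFFF
    return total - 0x10000 if total > MAX_INT16 else total


def sum_amounts(amounts, checked: bool) -> int:
    """Total a list of uint256 amounts (e.g. per-recipient vesting allocations).
    With wrapping arithmetic one oversized entry can make the total look small."""
    add = checked_add_u256 if checked else wrapping_add_u256
    total = 0
    for amount in amounts:
        total = add(total, amount)
    return total


# Constructed input: a small allocation plus one entry just below 2**256,
# so the true sum is exactly 2**256 and the wrapped total becomes 0.
SAMPLE_AMOUNTS = [1_000, MASK_256 - 999]


def demo():
    wrapped = sum_amounts(SAMPLE_AMOUNTS, checked=False)   # wraps to 0
    try:
        sum_amounts(SAMPLE_AMOUNTS, checked=True)
        rejected = False
    except ArithmeticOverflow:
        rejected = True                                   # checked path rejects it
    return wrapped, rejected, wrapping_add_i16(MAX_INT16, 1)   # (0, True, -32768)
```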
That’s not all. PeckShield also discovered a repeat pattern by the same sender on the Token Vesting contract.
“Our initial analysis shows the @Poolz__ hack is due to a classic arithmetic overflow issue, which is exploited to drain funds from the contract — Poolz: Token Vesting https://bscscan.com/address/0x8bfaa473a899439d8e07bf86a8c6ce5de42fe54b#code,” PeckShield tweeted.
— PeckShield Inc. (@peckshield) March 15, 2023
Poolz’s Immediate Response to Prevent Broader Contagion
The Poolz team responded quickly, and within two hours the token was no longer available for trading. A rapid response team was assembled to prevent further damage and ensure a similar incident could not recur. The Poolz team wasted no time and quickly provided a proactive response to contain the damage and prevent broader contagion.
Soon after the attack, Poolz was able to flag the hacker’s address on leading blockchain explorers. They also removed the remaining liquidity from Uniswap and PancakeSwap to protect users. On that same day, Poolz started working on a new platform token called POOLX, which is currently being audited by Certik, ArcadiaGroup, and ChainPort.
Poolz Founder Liam Cohen said: “We’re proud of our team’s swift and effective response to the cyber attack on our platform. Our top priority is our community, and we’re committed to providing them with a secure and reliable platform for decentralized finance.
“Despite this setback, we’ll come out stronger with our new token, POOLX, which is currently undergoing an audit. Our treasury is unaffected, and we remain financially stable. We’re dedicated to our community and DeFi and we thank you for your support.”
To help support Poolz, the company also started a fundraiser campaign after the incident. Within 12 hours, they were able to raise $600K to implement stronger security measures and build a more secure platform for everyone using Poolz.
Founded in 2020, Poolz is a decentralized cross-chain IDO platform built on top of Web 3.0 infrastructure to enable crypto projects to raise funds before they go public.