A vulnerability in a decentralised finance (DeFi) platform, Team Finance, allowed threat actors to steal over $14.5 million of digital assets, resulting in the backlash of people affected by the incident.
According to the DeFi platform’s statement, they discovered that the hackers had begun the attack on the morning of October 27, at around 2 AM. While investigations are still ongoing and the flaw has yet to be patched, Team Finance halted all their operations.
Team Finance also contacted the unknown threat actors, stating they are willing to give a bounty payment to cooperate with them and discuss possible resolutions. However, these hackers have not responded. The DeFi platform had then blacklisted the hackers’ Etherscan wallet.
The affected DeFi platform clarified that the hackers had abused a flaw in one of their functions that a security firm audited.
They explained that the flaw was not due to Team Finance’s contract upgrades. One of the firm’s incident responses includes temporarily pausing new lock creation on the platform. The DeFi platform had also teamed up with security and audit companies, alongside blockchain investigators, to aid them with mitigating the problem.
Team Finance is a security toolkit for creating tokens and raising money from a community of investors. Since its establishment in 2020, the DeFi platform has secured more than $3 billion in cryptocurrency from 12 blockchain firms.
Many customers have expressed their disappointment following the security breach incident. Team Finance responded via Twitter that they are sorry for the trouble it had caused and assuring everyone to keep them posted should new developments occur.
On the other hand, some blockchain security companies revealed that the security incident on the affected DeFi platform was from a source code issue. Only eight days since Moola Market and Mango Markets were also targeted by threat actors, stealing millions of dollars worth of digital assets, comes the news from Team Finance of also being a victim.
This year, almost $2 billion worth of cryptocurrency assets have been lost via 13 cross-chain bridge attacks. Some targeted companies were Binance, Harmony, Wormhole, and Ronin Network. Cryptocurrency investors are advised to monitor their accounts and report to authorities should suspicious transactions ensue.
