Describing what’s happened: Hacker used governance portal, in one contract he created a proposal that probably changes the oracle that provides BUSD price. In 1 transaction he proposed the proposal and voted for it, minted USDV and draining pools on wagyu. It’s done in 1 contract, same block and only 1 transaction.
We can’t check the changes, but it seems that he voted for changing oracle, that provides price for BUSD.
Minimum amount for participating and voting is 30.000 VDGT so he possibly made a proposal and voted for it.
At the moment we contacted Crystal, AMLBot and HAPI, address has been marked We also contacted Uniswap, maybe they can help us somehow.. Hopefully, there some funds left on Kucoin but we need to wait to get information about it.
Also we’re working on solution for buying back current vaults, all of them are in safe.
Those who held and bought USDV — after we will understand more details regarding hacker and other amount of drained money — we will apply buyback mechanism.
As we see, ±350.000k USD in total were drained from Velas Blockchain.
Explainer step by step:
#1 sending VDGT tokens (30k) to the address of the contract with the exploit
calling the vote method (votes 30k VDGT) from DsChief for accepting changes in the system (https://evmexplorer.velas.com/address/0xCC9D0895AE3e8Ce578346C92cd0563ae3526A55b)
#3 Sending BUSD (105) tokens to the address of the exploit contract
sending BUSD tokens (100) to unknown contract (0xc0845342A37fdf55eb13D0cF64e6AA43b2488E8c)
Deposit 100 BUSD to the contract address JOIN_BUSD (0x4368d9F91C40EA8Ac9F11A4f9289889f56D32Df8), for further generation of USDV tokens
#6 USDV token generation
#7 Exchange on wagyu for USDV -> BUSD
#8 Exchange on wagyu USDV -> WBTC
#9 Exchange on wagyu USDV -> DAI
#10 Exchange on wagyu USDV -> ETH
#11 Exchange on wagyu USDV -> VLX
#12 send 500,000,000,000 USDV to the address from which the transaction that triggered the exploit was sent (0xA10B21aFC713B600C52E75723Ddd53dE26900dA1)
It’s all within one transaction:
0.436739577823117734 ETH — https://evmexplorer.velas.com/address/0x85219708c49aa701871Ad330A94EA0f41dFf24Ca
Adress which is suspected and marked : https://etherscan.io/address/0xa10b21afc713b600c52e75723ddd53de26900da1
Current address that holds part of the stolen money: https://etherscan.io/address/0xa6c13aa576f6f2eb05303de9ffe30a6cb67c160a#tokentxns