SKYWARD, the native token of NEAR-based platform Skyward Finance, plunged by 95% after the protocol’s treasury lost $3 million in a smart contract exploit.
The attack occurred in the late hours of Wednesday and was first reported by Twitter user Sanket Naikwadi before Skyward Finance publicly acknowledged the incident.
How it Happened
According to Naikwadi, the exploit was first noticed by NearScout, a member of the NEAR blockchain community. The attackers were able to make multiple withdrawals in one transaction.
Thnx to @NearScout for noticing the treasury drain, he pinged me asking if something is wrong with skyward… then we looked into contract txns and found out about the exploit and sus txns.
— SankΞt Ⓝ⚡️| sanketn81.near ,sanketn81.lens 🛸 (@sanket_naikwadi) November 2, 2022
The hackers first purchased SKYWARD tokens in large quantities from Ref Finance, an automated market maker (AMM) and decentralized exchange (DEX) on the NEAR protocol. Afterward, they redeemed the tokens through Skyward’s treasury, receiving more NEAR tokens than what the SKYWARD tokens were worth.
The attackers repeated the process multiple times until all the wrapped NEAR (wNEAR) tokens were redeemed. In one transaction, the exploiters made away with 1.1 million wNEAR tokens worth about $3 million as of then.
Skyward Locked Out of Smart Contract
Naikwadi said he alerted Skyward Finance and Ref Finance about the hack and urged SKYWARD token holders to redeem or swap their tokens in whichever way they could. He added that they should refrain from interacting with Skyward Finance as the attackers had already transferred the assets to different wallets.
Six hours after Naikwadi’s update, Skyward Finance officially informed users of the hack, telling the crypto community to desist from further interactions with the protocol as they were locked out of the affected contract.
“The contracts are fully locked, meaning that no one can pause or prevent future issues with the $SKYWARD token – not even us. We recommend users to withdraw their funds safely where they can and for the community to no longer interact with Skyward,” the platform wrote.
SKYWARD Token Dumps 95%
Skyward also noted that previous and current token sales were not affected by the hack. The protocol told users hosting or participating in token sales not to worry as they could safely withdraw their funds.
The SKYWARD token dumped 95% shortly after the exploit. The cryptocurrency fell from its previous price of $13.05 to trading at $0.61 at press time.
Meanwhile, this is the second crypto hack that has been reported in November, with the first being derivatives exchange Deribit. According to reports, the platform lost $28 million after hackers targeted its hot wallet.