Fantom-based algorithmic assets protocol Fantasm Finance was exploited for over $2.6 million worth of crypto early on Thursday, with the stolen tokens swapped for ether using privacy protocol Tornado Cash.
- “Our FTM collateral reserve has been exploited, there is still 1,820,012 FTM pool balance remaining currently for redemption,” they tweeted. FTM is Fantom’s native token and one of the tokens used as collateral backing on Fantasm.
- Hackers were able to mint XFTM, a representation of Fantom’s FTM on Fantasm, by using a small amount of Fantasm’s FSM tokens. The hackers started with 50 FTM, gradually using larger amounts to swap over 2.8 million XFTM in total, Alpha Finance lead engineer Nipun Pitimanaaree explained in a tweet after examining blockchain records.
- The stolen funds were later swapped for over 1,007 ether – about $2.6 million at current prices – using privacy protocol Tornado Cash, which allows for anonymous token swaps.
- The Fantasm developers said in a follow-up tweet that some of the FTM collateral was “white hacked,” a process that refers to exploiting a protocol to flag security concerns or, in this case, recover tokens at the risk of getting hacked.
- Fantasm Finance, launched earlier this month, is a decentralized finance (DeFi) project aimed at developing synthetic tokens for the Fantom ecosystem. DeFi broadly refers to the use of smart contracts instead of third parties for providing financial services to users, while synthetic tokens are blockchain-based representations of financial assets, such as other cryptocurrencies.
- Fantasm developers said a compensation plan for affected users was being worked out.
- Meanwhile, Pitimanaaree cautioned in a tweet that additional vulnerabilities related to Fantasm’s flash-loan product might still exist.