In brief
- A hacker has stolen approximately $42,000 worth of WLEO.
- Since the hack, WLEO's price has dropped by 99%.
- The price of LEO was also affected.
The WLEO contract was hacked late yesterday, resulting in $42,000 worth of stolen funds. The hacker stole Ethereum (ETH) from decentralized exchange Uniswap’s pool by minting WLEO to himself, and swapping it for Ethereum.
“From what I keep hearing, this has happened to many other pools on Uniswap. The token issuing contract/address gets exposed and then someone takes advantage of it to mint infinite tokens and rug pull the Uniswap pool to steal the Ethereum,” said Khaleel Kazi, founder of the LEO Finance community, in a report about the hack.
WLEO is a wrapped version of the LEO token, which runs on the Hive blockchain. The price of WLEO is pegged to the LEO token, but as it runs on the Ethereum blockchain, it can be used in smart contracts, and has access to the wider Ethereum ecosystem. The price of LEO suffered a drop of approximately 60% as a result of the hack—but has since rebounded to its current price of $0.146.
As the hack was taking place, WLEO users were quick to notice false transactions taking place, and responded by swiftly removing 50% of liquidity from the pool within the hour. A few hours later, over 75% of liquidity was removed from the pool, limiting the returns the hacker has been able to enjoy.
Since then, the hacker, whose address is known, has reportedly transferred the Ethereum to Binance using anonymous accounts, making it almost impossible to trace the stolen funds.
“Binance has been contacted but there may be nothing they can do since the hacker seems to have used non-kyc'd accounts to receive the ETH,” added Kazi.
It remains unclear how the hacker managed to pull off the theft. According to Kazi, the flaw exploited doesn’t appear to be from the WLEO oracle, which allows the blockchain to interact with real world or off-chain data.
“This narrows it down to just a few possibilities for how they exposed the wLEO contract. We'll release more details as we continue to investigate and narrow it down further,” said Kazi.
One person even suggested they would pay their rent with LEO. At current prices, that’s looking unlikely.
Update: This article has been updated with additional information about the relationship between LEO and WLEO, and details on the liquidity that was removed from the pool. Plus, a section on Uniswap and a mention of it in the headline have been removed to clarify that it was not subject to a hack.