In brief
- A hacker has stolen approximately $42,000 worth of WLEO.
- Since the hack, WLEO's price has dropped by 99%.
- The price of LEO was also affected.
The WLEO contract was hacked late yesterday, resulting in $42,000 worth of stolen funds. The hacker stole Ethereum (ETH) from decentralized exchange Uniswap’s pool by minting WLEO to himself, and swapping it for Ethereum.
“From what I keep hearing, this has happened to many other pools on Uniswap. The token issuing contract/address gets exposed and then someone takes advantage of it to mint infinite tokens and rug pull the Uniswap pool to steal the Ethereum,” said Khaleel Kazi, founder of the LEO Finance community, in a report about the hack.
WLEO is a wrapped version of the LEO token, which runs on the Hive blockchain. The price of WLEO is pegged to the LEO token, but as it runs on the Ethereum blockchain, it can be used in smart contracts, and has access to the wider Ethereum ecosystem. The price of LEO suffered a drop of approximately 60% as a result of the hack—but has since rebounded to its current price of $0.146.
As the hack was taking place, WLEO users were quick to notice false transactions taking place, and responded by swiftly removing 50% of liquidity from the pool within the hour. A few hours later, over 75% of liquidity was removed from the pool, limiting the returns the hacker has been able to enjoy.
Since then, the hacker, whose address is known, has reportedly transferred the Ethereum to Binance using anonymous accounts, making it almost impossible to trace the stolen funds.
CFTC Charges Crypto Exchange BitMEX with Money-Laundering Violations
Correction: This article previously stated that the feds arrested Gregory Dwyer, when it was instead Samuel Reed. We apologize for the mistake. The Commodity Futures Trading Commission filed money-laundering and other civil charges against BitMEX for illegally operating in the U.S. today. In a separate indictment unsealed today, the U.S. Attorney for the District of New York also filed criminal actions against the exchange’s owners, Arthur Hayes, Ben Delo, and Samuel Reed, for violating the Ban...
“Binance has been contacted but there may be nothing they can do since the hacker seems to have used non-kyc'd accounts to receive the ETH,” added Kazi.
It remains unclear how the hacker managed to pull off the theft. According to Kazi, the flaw exploited doesn’t appear to be from the WLEO oracle, which allows the blockchain to interact with real world or off-chain data.
Steem vs Tron: The rebellion against a cryptocurrency empire
One spring day four years ago, Dan Notestein, a self-made millionaire and coder, padded down the wooden stairs to the basement of his ranch home in Blacksburg, Virginia. He sat down across from three other devs who were working on a startup called Steemit. Notestein, who was a contract worker on the project, settled in for what he figured would be just another day. It turned out to be anything but. The devs were building what had been billed by its co-founders, CEO Ned Scott and CTO Dan Larimer,...
“This narrows it down to just a few possibilities for how they exposed the wLEO contract. We'll release more details as we continue to investigate and narrow it down further,” said Kazi.
One person even suggested they would pay their rent with LEO. At current prices, that’s looking unlikely.
Update: This article has been updated with additional information about the relationship between LEO and WLEO, and details on the liquidity that was removed from the pool. Plus, a section on Uniswap and a mention of it in the headline have been removed to clarify that it was not subject to a hack.
