Team Finance Exploited for $14.5M Despite Security Audits
The latest exploit against the crypto platform Team Finance resulted in the loss of approximately $14.5 million in various tokens, despite recent security audits, the company reported.
The Ethereum-based project revealed on Thursday that it had been exploited through its audited Uniswap V2 to V3 migration function. The audits were conducted by a “reputable” firm, according to the project.
Team Finance, which operates as a smart contract vault for vesting liquidity and tokens, stated that the exploit was not related to any specific upgrade. The company assured users that all other assets were secured after pausing all operations within an hour of the breach.
A company spokesperson declined to name the auditing firm involved, noting that several security auditing companies had reviewed their code over the years. One of these firms had supposedly approved the smart contract code that was exploited on Thursday.
DeFi projects and protocols typically engage multiple firms to review their code to minimize the risk of a single point of failure.
Since its inception two years ago, Team Finance has relied on an Estonia-based firm, Hacken, for 80% of its audits. A blockchain security auditing firm reviewed the project’s smart contract code in March this year, while another firm conducted an audit in June 2021.
This latest hack comes shortly after the DeFi platform Mango Markets was compromised earlier this month, losing $112 million in a price oracle manipulation attack. Mango had its own audit conducted in September by security researchers at Neodyme, just five weeks before the exploit.
These incidents raise concerns about the security of certain DeFi protocols and the reliability of their audits. Most projects in the industry use open-source code, which can allow malicious actors to identify potential attack vectors.
Team Finance announced that it had paused platform features and was investigating the issue with several firms to address the breach. The team also reached out to the exploiter in an attempt to resolve the situation. The exploiter’s Ethereum wallet address has been blacklisted, and exchanges have been notified, according to the update.
With this in mind, hacking is much more common now, especially when it comes to the blockchain and crypto space, as there are several tactics to do that. Nevertheless, there are a few tricks one can do once investing in crypto.
Also, when hackings of that sort occur, it is important to keep in mind that the blockchain itself as a model is very resistant to almost all kinds of hacking, but it is the processes and systems connected to a blockchain and an asset that have vulnerabilities, and are usually targeted. Bottom line: keep an eye out, no one is really safe!
NB: For accuracy, this article has been updated on June 18, 2024 to reflect that one of the firms was not involved in the project as was mentioned earlier.
