Technical Analysis of UvToken’s USD$1.5 Million Attack

Numen Cyber Labs
Oct 27, 2022


UvToken was Hacked for Approximately 1.5 Million USD on October 27th, 2022

On October 27th, through on-chain data monitoring, Numen Cyber Labs discovered that the UvToken project had been attacked. The hackers stole 1,078 BNB and 1,161,991 BUSD in the attack, with total losses adding up to approximately $1.5 million USD. We have analyzed and tracked the incident and the flow of funds. The hackers have already transferred the funds to Tornado.Cash.

UvToken Official Statement:

The project team also addressed the incident on Twitter, and arranged for security companies to intervene and to conduct an investigation on the matter.

Attack Relevant Addresses:

Hacker Address:

https://bscscan.com/address/0xf3e3ae9a40ac4ae7b17b3465f15ecf228ef4f760

Hacker Contract Address

https://bscscan.com/address/0x99d4311f0d613c4d0cd0011709fbd7ec1bf87be9

Authority Contract Address

https://bscscan.com/address/0x5ecfda78754ec616ed03241b4ae64a54d6705a1a#code

UVT Reward Claim Contract

https://bscscan.com/address/0x36f277165c8b1b80cc3418719badb1864e2687bc#code

Attack Transaction

https://bscscan.com/tx/0x54121ed538f27ffee2dbb232f9d9be33e39fdaf34adf993e5e019c00f6afd499

Attack Process:

1. The hacker first exchanged 0.5 BNB for 313 UVT tokens and transferred them to the 0x36f277165c8b1b80cc3418719badb1864e2687bc contract. The relevant transaction information is shown in the figure below:

2. The hacker then called the 0xc81daf6e function of the permission contract, passing in 2 self-created contract addresses as parameters. As a result, the value of v4 could be returned from the hacker’s contract, and the returned quantity was the UVT balance held by the project party’s reward contract 0x36f277165c8b1b80cc3418719badb1864e2687bc.

3. The 0xc81daf6e function of the permission contract also calls the 0x7e39d2f8 function in the reward contract, so the permission verification also passes. Subsequently, all the UVT tokens held by the contract were transferred away.
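The pattern described in steps 2 and 3, reduced to a minimal sketch next to a hardened variant. This is an added example, not code from the UvToken contracts or from the original analysis: every contract, interface and function name is hypothetical, a single caller-supplied address stands in for the two the attacker passed, and the reward contract is assumed to accept calls only from the authority contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical interfaces for illustration only.
interface IAmountSource { function amountFor(address user) external view returns (uint256); }
interface IRewardVault { function payout(address to, uint256 amount) external; }

contract AuthorityVulnerable {
    IRewardVault public immutable vault; // assumed: vault accepts calls only from this contract

    constructor(IRewardVault v) { vault = v; }

    // Flaw: `source` is chosen by the caller, so the caller also chooses the
    // amount it returns. The vault's own check (msg.sender == authority)
    // still passes, because the call reaches it through this contract.
    function claim(address source) external {
        uint256 amount = IAmountSource(source).amountFor(msg.sender);
        vault.payout(msg.sender, amount);
    }
}

contract AuthorityHardened {
    IRewardVault public immutable vault;
    address public immutable owner;
    uint256 public immutable maxPerClaim;
    mapping(address => bool) public trustedSource;

    constructor(IRewardVault v, uint256 cap) {
        vault = v;
        owner = msg.sender;
        maxPerClaim = cap;
    }

    // Only the owner decides which contracts may report claim amounts.
    function setTrusted(address source, bool ok) external {
        require(msg.sender == owner, "not owner");
        trustedSource[source] = ok;
    }

    function claim(address source) external {
        // Reject any source that was not explicitly allowlisted.
        require(trustedSource[source], "untrusted source");
        uint256 amount = IAmountSource(source).amountFor(msg.sender);
        // Defense in depth: bound what a single claim can move.
        require(amount <= maxPerClaim, "amount over cap");
        vault.payout(msg.sender, amount);
    }
}
```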

Assets Flows:

Currently, the hacker has transferred all of the stolen tokens to Tornado.Cash. We at Numen Cyber Labs will continue to monitor the movement of the funds.

Summary:

In response to this attack, Numen Cyber Labs recommends that users and project parties protect their assets well. Projects that include permission verification or that use call should undergo security testing and verification from multiple angles to secure the projects and their funds.

Numen Cyber Labs is committed to facilitating the safe development of Web3.0. We are dedicated to the security of the blockchain ecosystem, as well as operating systems & browser/mobile security. We regularly publish analyses on topics such as these. Please stay tuned for more!


Numen Cyber Technology is a cybersecurity vendor and solution provider based in Singapore. We dedicate ourselves to Web3 Security and Threat Detection & Response.