Shido Token Plummets 85% Following Exploit on Ethereum Staking Contract

cryptonews.com:

The token for the layer-1 blockchain Shido has plunged 85% after the project’s Ethereum-based staking contract fell victim to an exploit.

The exploit was first brought to light by blockchain security firm PeckShield,  which revealed  that the attacker successfully transferred the blockchain’s Ethereum staking contract to another address. 

Subsequently, the new owner upgraded the contract with a concealed function, enabling the withdrawal of staked tokens.

“There is a sudden owner transfer to 0x1982. The new owner immediately upgrades the StakingV4Proxy contract with a hidden withdrawToken() function,” PeckShield wrote. 

Hi @ShidoGlobal There is a sudden owner transfer to 0x1982. The new owner immediately upgrades the StakingV4Proxy contract with a hidden withdrawToken() function. This hidden function is then called to withdraw all 4,353,473,223.864904 $SHIDO.

Here are related txs:
– owner… https://t.co/TZ6oMDGwMG pic.twitter.com/VGZtyg9PEf

— PeckShield Inc. (@peckshield) February 29, 2024

At the time of writing, Shido is trading at $0.00141, down by more than 82% over the past day. 

The attacker managed to withdraw a staggering amount of over 4.3 billion Shido tokens. 

According to data provided by CoinGecko, this accounted for nearly half of the total circulating token supply of approximately 9 billion. 

At the time of the exploit, the market value of these tokens amounted to approximately $35 million. 

The severity of the incident raised concerns within the cryptocurrency community and highlighted the vulnerability of blockchain projects to such exploits.

Pseudonymous on-chain researcher ZachXBT delved further into the matter and discovered that the exploiter’s address had been funded through cryptocurrencies