Skyward or $3.3 million theft

About a year ago, the launchpad on the NEAR blockchain “Skyward Finance” went live on the main net.

Skyward itself is a decentralized open-source IDO platform. Thanks to Skyward, other projects within the NEAR ecosystem can launch their own tokens.

What is IDO?

IDO (Initial Dex Offering) has become a new trend in DeFi due to the lack of regulation and requirements for both investors and developers. IDO is a specific method of collecting investments, mediated by DEX, due to the liquidity of which users can easily buy tokens on a decentralized exchange.?

Issued tokens during the IDO are guaranteed to be placed on the DEX. This solves one of the main problems of ICOs, where some projects simply do not live up to the listing.

Theft

The criminal discovered an error in the IDO smart contract of the Skyward platform. He purchased Skuward Finance (SKYWARD) tokens on the Ref Finance platform and then converted them into a native NEAR blockchain token using the Skuward service. As a result, the attacker received more coins than he intended.

After repeating the operation many times, Skyward Finance became poorer by 1.1 million in NEAR tokens, which is equivalent at that rate to about $ 3.3 million.

Consequences

Although the already launched IDOs were not affected due to the crookedly written Skuward smart contract, the project’s token fell by 89% after the cyber attack. After the end of the powerful dump, the decrease in the price of the virtual currency continued, and now it costs about $0.72, and the project itself has suffered great reputational losses.?

Aurora Lab moderator Sanket Haikvadi advised the robbed project to exchange the SKYWARD tokens for another crypto and try not to make transactions on the Skyward Finance platform itself. But after a hard dump, the developers who converted their coins into other coins on the recommendation of Naiqwadi suffered incredible losses.

Conclusion

Often, the cause of the tragedy with the theft of funds is the developers themselves, who made a mistake in the code. As practice shows, if there are such errors, then sooner or later, cybercriminals will take advantage of the bug.