Hack of several DeFis
16-jun-2021 21:57
#32
|
Dear my Cerberions and Garudians,
After a quick analysis with my team, I will give our community a quick wrap-up of what happened:
1. I am sad to say that today we were exploited. Not only Garuda and Cerberus, multiple yield farms with their native token got exploited today: Lokum, ybear, garuda, cerb, piggy, caramelswap.
2. The affected tokens are CERBERUS and GARUDA; all your funds in other token pools are safe. You can withdraw your tokens in other pools now because they give no more rewards.
3. The exploit is not inherent to our contract, but it became possible once we started adding tokens with a transfer fee to the masterchefs. Each time someone deposits these tokens to the contract, the contract receives a little bit less due to the fee. The problem is, the user can still withdraw the whole amount.
4. For the native GoCerberus token, we actually added code to make sure they can only withdraw what the contract receives. But this was not added for the Garuda token pool. So earlier today, the garuda pool got empty because people were able to withdraw more than their deposits.
5. Once the pool is empty, any users with a remaining balance were able to harvest much more tokens than they normally should, essentially multiplying their harvest by thousands of times. Due to this the masterchef was emptied of tokens as well half an hour ago.
6. But, because of our referral system, a hacker could actually continue to harvest tokens, even though the contract did not have any left; this is what happened 10 minutes ago.
7. The hackers, after draining all Garuda and Cerberus, have sold it on the market, effectively making the price of Garuda and Cerberus go to 0.
8. Our THOREUM MasterChef has actually fixed this (we had a scan by Rugdoc.io a few days ago and they can confirm this), but unfortunately the old GARUDA and CERBERUS fell to this error, and we are unaware of this way of attack and cannot do anything to prevent it soon enough.
8. I will make a compensation plan for the loss of GARUDA and CERBERUS users. Details will be coming later after this announcement.
9. A more detailed explanation of what just happened is in preparation and will be published on our Medium as well as other social media.
10. I know and understand it's very upsetting to read this news, especially as you have put a lot of faith in Garuda and Cerberus. We have to mute Telegram for people to read this. But please don't panic, stay calm and wait for the next announcement from us |
Edited: 16-jun-2021 22:00 -
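The accounting gap described in points 3 to 5 of the announcement above, as a simplified Python model added here (it is not part of the original post and not the project's contract code). The 5% fee, the account names and amounts, and the use of the pool's token balance as the reward denominator are assumptions made for illustration.

```python
# Simplified model (added example): a MasterChef-style pool holding a token
# that charges a transfer fee. Fee rate and amounts are constructed values.
FEE_BPS = 500  # assumed 5% transfer fee, for illustration only

class FeeToken:
    def __init__(self):
        self.balances = {}
    def mint(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        fee = amount * FEE_BPS // 10_000
        self.balances[src] -= amount
        # The receiver gets less than `amount`; the fee is burned in this model.
        self.balances[dst] = self.balances.get(dst, 0) + amount - fee

class Pool:
    def __init__(self, token, credit_received):
        self.token, self.credit_received = token, credit_received
        self.deposits = {}  # per-user amounts the pool believes it owes
    def held(self):
        return self.token.balances.get("pool", 0)
    def deposit(self, user, amount):
        before = self.held()
        self.token.transfer(user, "pool", amount)
        # Hardened: credit the balance delta. Weak: credit the requested amount.
        credited = self.held() - before if self.credit_received else amount
        self.deposits[user] = self.deposits.get(user, 0) + credited
    def withdraw(self, user, amount):
        if self.deposits.get(user, 0) < amount:
            raise ValueError("withdraw exceeds recorded deposit")
        self.deposits[user] -= amount
        self.token.transfer("pool", user, amount)

def shortfall(credit_received, users=("alice", "bob"), amount=1_000):
    """Recorded deposits minus tokens actually held after everyone deposits."""
    pool = Pool(FeeToken(), credit_received)
    for u in users:
        pool.token.mint(u, amount)
        pool.deposit(u, amount)
    return sum(pool.deposits.values()) - pool.held()

def pending(recorded, pool_balance, reward):
    # Assumption: rewards are divided per token *held* by the pool, then paid
    # per token *recorded* for the user, so a drained pool inflates payouts.
    return recorded * reward // pool_balance
```

A non-zero `shortfall` means the pool owes more than it holds, so the last users to withdraw cannot be paid; crediting the measured balance delta keeps it at zero.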
16-jun-2021 22:25
#33
| I'm joining the Telegram groups of the sites that suffered the exploit and they all promise compensation; I hope it's done decently |
16-jun-2021 23:13
#34
|
If, for example, they have 500k of their own funds (aiming very high) and 5 million has disappeared, that means each person will be given 10% of what they had. |
16-jun-2021 23:16
#35
|
Please don't call them exploits, they are security breaches. And they aren't hackers but crackers. Haha, regards |
16-jun-2021 23:18
#36
|
Regards, and good forum |
16-jun-2021 23:19
#37
| The Certik people had been working on the Cerberus audit for two weeks; they could have hurried up a bit more. |
16-jun-2021 23:40
#39
|
Hi. I had something in this liquidity pool: CERBERUS-CAKE LP. I've withdrawn it to Metamask but, of course, I can't convert either the cerberus (because it gives me millions) or the cake (which gives me pennies). Do I throw the wallet in the trash? |
17-jun-2021 00:37
#42
|
1. We will identify a block number before the first exploit and take a snapshot
2. We will identify the holder list of Cerberus, Garuda at that block (either in LP pair, in LP pool, in single pool, in wallet)
3. We will use web3 technology to calculate the number of their holdings
4. We will make a web tool so each user can enter a wallet and check this number
5. Make new compensation tokens, for example GARUDAcomp and CERBERUScomp
6. Send the new token to the holders, number exactly matching the number of old tokens
7. Make a swap contract so holders of the new token can swap their token for a valued token at that time; the swap ratio will be based on the value of GARUDA and CERBERUS at the time of the exploit and the value of the valued token at the time of the swap.
8. This valued token will come from our dev fund; we do not mint new tokens to circulating supply, so it will not affect any current holders of this valued token. |
17-jun-2021 00:48
#43
|
2) The exploit isn't in the project's code itself, but in a "library" that the project uses and that almost all projects use, and it only affects tokens with fees. Even PancakeSwap uses that library, but it wasn't affected because its tokens don't have fees. 3) The code had been audited in a professional audit by a normal company and was awaiting a second audit by Certik. And I'm afraid Certik wouldn't have spotted that problem either in its audit, which costs 50k-200k USD. |
17-jun-2021 13:10
#44
|
They are going to give compensation for the LP you had. Don't get your hopes up; I expect a recovery of 1%-10% of the amount.
1. We will identify a block number before the first exploit and take a snapshot
2. We will identify the holder list of Cerberus, Garuda at that block (either in LP pair, in LP pool, in single pool, in wallet)
3. We will use web3 technology to calculate the number of their holdings
4. We will make a web tool so each user can enter a wallet and check this number
5. Make new compensation tokens, for example GARUDAcomp and CERBERUScomp
6. Send the new token to the holders, number exactly matching the number of old tokens
7. Make a swap contract so holders of the new token can swap their token for a valued token at that time; the swap ratio will be based on the value of GARUDA and CERBERUS at the time of the exploit and the value of the valued token at the time of the swap.
8. This valued token will come from our dev fund; we do not mint new tokens to circulating supply, so it will not affect any current holders of this valued token. |
17-jun-2021 13:35
#45
| can someone explain to me, for dummies, what the hack they carried out consists of?? |
17-jun-2021 13:45
#46
| As I've understood it (which may be incorrect), they exploited an error in the code whereby, after putting money into the token in the pool, they could then take out a much larger amount than they had put in |
17-jun-2021 13:48
#47
| and then they sold everything and crashed the price of the native tokens??? was it the same thing that happened with pancake bunny?? |