Safedollar crashes to zero after attacker mints 214 quintillion tokens, drains US$248,000 from system
Link copied to
A crypto project named “Safedollar” has proven to be anything but, with the value of their token supposedly pegged to the US dollar crashing to zero after an attacker apparently exploited a bug in its code.
“Safedollar has been under attack,” the project said in its Telegram channel. “We have paused activities on SafeDollar and [are] investigating the matter.”
The project was an algorithmic stablecoin on the Polygon (Matic) Ethereum sidechain. Block explorer Polygonscan shows that $248,000 in USDC and Tether was transferred out of the contract Monday afternoon (Sydney time).
Mudit Gupta, a core developer for SushiSwap, tweeted that the project was hit by an “infinite mint exploit” made possible because of a bug.
The token deposited (https://t.co/oc6se9l8R5) charges a fee on transfers. Therefore, every time someone withdrew tokens from the rewarder, the rewarder lost some of its balance in fees. Ideally, the fee should have been borne by the user but the rewarder doesn’t account for it. pic.twitter.com/12WqjbYakT
— Mudit Gupta (@Mudit__Gupta) June 28, 2021
By repeatedly withdrawing and depositing tokens in a loop, the attacker was able to take advantage of rewards the project was offering and eventually mint 214 quintillion token units (214,235,502,909,238,707,603, to be precise).
They then claimed a huge reward and used that to buy the Tether and USDC stablecoins.
The value of the Safedollar share token SDO fell from US$13 to $2 at around the same time.
The project had just launched on June 11, and had attracted some investors burned in the collapse of Iron Finance on June 16.
In Safedollar’s Telegram channel, some were reporting they had now been “rekt” by both projects.