Scammers exploited vulnerabilities, leading to an $880,000 loss for a user who engaged with a malicious ERC-20 permit message on a fake Discord server.
Key Takeaways
- Scammers exploited a flaw in Across Protocol’s documentation, leading to an $880,000 loss for a user who interacted with a malicious ERC-20 permit message on a fake Discord server.
- Crypto sleuth ZachXBT raised concerns about a potential security breach, pointing to a compromised vanity invite address within the protocol’s documentation.
- A victim suffered the loss in aEthWBTC, as disclosed by blockchain forensic firm Scam Sniffer in an X post, linking the incident to the protocol’s documentation.
- Across Protocol’s team acknowledged the existence of the fraudulent Discord server and is actively working to dismantle it, although the full extent of losses remains undisclosed.
Documentation Flaw Leads to $880,000 Loss
Crypto investigator ZachXBT, in a Telegram post on December 26, flagged a security concern related to Across Protocol’s documentation. The warning highlighted a compromised link within the documentation that directed users to a fake Discord server.
This fraudulent server, impersonating an official one, led to an unfortunate incident resulting in the loss of $880,000 in crypto, tied to an unidentified blockchain entity.
In response to the incident, the Across Protocol team acknowledged the presence of the fraudulent Discord server and assured the community that measures are being taken to dismantle it. However, the extent of losses associated with this security lapse has not been disclosed by the developers.
Scammers stole $880k via fake Discord server for Across Protocol #CryptoAlerts pic.twitter.com/RpOjFY6MSm
— CryptoAlerts365 (@CryptoAlerts365) December 26, 2023
Across Protocol’s Focus and Funding Background
Across Protocol operates as a cross-chain bridge, specializing in layer-2 solutions and rollups. Utilizing UMA’s optimistic oracle for enhanced security.
The platform emphasizes capital efficiency through features such as a unified liquidity pool. Crunchbase data reveals that the protocol secured a total of $10 million in funding from investors including Blockchain Capital and two others.
To Conclude
The exploitation of a documentation flaw in Across Protocol has resulted in an $880,000 loss for a user who engaged with a malicious ERC-20 permit message on a fake Discord server.
Despite the acknowledgment and proactive measures taken by the Across Protocol team, the complete extent of losses remains undisclosed.
