Paraluni DeFi app hacked for 1.7 million dollars in a single transaction
Paraluni, short for Parallet Universe is a DeFi app on Binance Smart Chain. Today, it was hacked in single transaction where whopping 1.7 million dollars in total.
The hacker made use of reentrancy bug in smart contract in depositByAddLiquidity function that allows hacker to double the withdrawable credits.
Paraluni claims to be building financial foundation and economic system of the Metaverse as its mission, and has always been committed to creating a safe, reliable and diversified economic environment for the Metaverse. However, earlier today, Paraluni itself confirmed that their DeFi project was maliciously attacked by hackers at 8:04 Chinese time today. They suggest users to temporarily redeem all the principal invested in Paraluni.
They added they strongly condemn the malicious attacks by hackers. Regarding some of the assets stolen by hackers in Paraluni, the developers and team are making every effort to recover them.
3/ To illustrate, we use the hack tx and show the key steps below pic.twitter.com/MxgVGCxn6G
— PeckShield Inc. (@peckshield) March 13, 2022
Hacked funds are already withdrawn from Tornado Cash, a crypto mixing service that makes funds harder to trace. Remaining gains are swapped via PancakeSwap and funny enough, they are still in hacker’s account.