Table of Contents
Late on March 15th, Poolz Finance experienced a hack, with attackers exploiting a vulnerability in the arithmetic overflow of the platform. Upon discovery, the Poolz team leaped into action, rapidly disabling the point of entry and mitigating the worst of the effects.
Due to the speedy response of Poolz, the hacker’s address was frozen, preventing further damages from occurring within the ecosystem. As little as 10 hours after the exploit was discovered, the Poolz management team had already planned out response systems, comprehensive compensation packages for their users, and a future roadmap.
Thanks to the security and management team at Poolz, the event was not nearly as impactful as it could have been. The founder of Poolz, Liam Cohen, stated “We're proud of our team's swift and effective response to the cyber attack on our platform. Our top priority is our community, and we're committed to providing them with a secure and reliable platform for decentralized finance.”
Let’s dive into the full story.
According to PeckShield, a blockchain security and data analytics company, the hack was caused due to an arithmetic overflow issue. The exploit was first discovered when the same sender repeatedly sent an identical transaction pattern in the token vesting smart contract.
This allowed the hacker to extract tokens that were already allocated to public buyers. They could siphon off cryptocurrency into their accounts, then converting them to BNB and moving them out of the system.
The Poolz ecosystem was heavily impacted by this, with the hacker making off with around $390,000 USD equivalent from their exploits. As this became public knowledge, the native token of Poolz - POOLZ - dropped more than 95%.
How Poolz Stopped the Exploit
Within two hours of the attack, Poolz was already in action defending their ecosystem. They had flagged the hacker’s address across the world’s leading blockchain explorers, preventing them from taking further action.
On a wider scale, they also removed the remaining liquidity from both Sancakeswap and Uniswap in order to protect their community. This was in order to prevent further trading and buying, alongside arbitrage attempts. Over the next few hours, Poolz moved through a number of steps to lessen the impact of the exploit:
- Complete Freeze - All POOLz tokens porting on the ChainPort.io bridge were frozen.
- CMC Communications - Poolz got in contact and submitted their report to CMC, which was then approved.
- Flash Funding - Poolz released a flash fundraiser to help them with building a new system with strengthened security foundations. This raised over $600,000 USD in 12 hours.
Thanks to the quick reaction of the Poolz team, the exploit was neutralized in a timely manner, preventing further consequences to the wider ecosystem.
Building Back Better
Following the event, Poolz has also released documentation and strategy planning for a new token within their ecosystem. The Poolz team rapidly began planning a new token for the platform, POOLX, which is now under audit by ChainPort Certik, and ArcadiaGroup.
The platform is currently planning out a compensation model to ensure that their community is rewarded for their patience and support during this time. At present, Poolz has the full support of their community, with many being extremely impressed by the response that this ecosystem has lead with.
Reflecting on the event, Cohen has stated, “While this event was a setback, we are confident that we will emerge from it stronger. Our new token, POOLX, is currently under audit by industry leaders and will provide a more secure and reliable future for our community and customers.”
Beyond this, he comments on the devotion of the Poolz ecosystem to their community,
We're proud of our team's swift and effective response to the cyber attack on our platform. Our top priority is our community, and we're committed to providing them with a secure and reliable platform for decentralized finance. Despite this setback, we'll come out stronger with our new token, POOLX, which is currently undergoing an audit. Our treasury is unaffected, and we remain financially stable. We're dedicated to our community and DeFi and we thank you for your support.
Despite a challenging 24 hours, the reaction and rapid crisis management that Poolz has displayed curtailed the impacts of this security event. While the original native token has devalued, the steadfast plans that Poolz have issued in terms of the new native token will allow the ecosystem to bounce back effectively.
Across the impressive response from Poolz, the community support, and the backing of further investment, this is a wonderful example of the world of blockchain rallying behind an ecosystem. Luckily, this hack was far from the end of Poolz.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.