Altcoins
Blast protocol becomes victim of a sandwich attack, details here
A perpetrator seized advantage of a slippage vulnerability within Blast resulting in the loss of funds worth $100K.
- An Attacker exploited a slippage vulnerability on Blast.
- Blast fixed the issue quickly, BLUR’s price continued to rise.
Blast protocol rapidly gained attention in the crypto community over the recent weeks, achieving notable advancements across diverse sectors. Serving as a Layer 2 solution, Blast allows users to deposit cryptocurrencies, including staked Ethereum and stablecoins, to generate returns.
Slippery ahead
However, recently the developments around Blast have been painting the protocol in a negative light. A twitter account going by the handle @0xSEM found vulnerabilities on Blast.
The tweet pointed out an incident related to the default slippage allowance for USDT deposits, which was set at 10%. A sandwich attack has unfolded; a strategy commonly employed on DEXes.
Oops. @Blast_L2 Looks like your slippage allowance is set to 10% by default for USDT deposits.
And a sandwicher found out about this:https://t.co/Pt1tVPouTl
This tx got sandwiched by a $70M DAI tx in Curve 3pool.
In the last hour the sandwicher drained > $100K pic.twitter.com/iE9jRUM3La
— SEM?? (@0xSEM) November 30, 2023
In a sandwich attack, bad actors trick decentralized exchanges. They use something called “slippage,” which is the gap between expected and real trade prices.
Imagine a sandwich: the attacker places a big trade (the bread) and then quickly does more trade (the fillings) around the target. This “sandwich” moves the price and causes slippage in the target trade.
The attacker profits from these price changes, draining value from the target trade.
In this case, the attacker executed a $70 million DAI transaction on Curve Finance 3pool, manipulating prices and profiting from the slippage.
The specific transaction on Blast got sandwiched, meaning it was caught between two larger transactions orchestrated by the attacker, resulting in adverse price movements and potential financial losses.
The attacker successfully drained over $100,000 in value.
Blast responds
The Blast team took to twitter to respond to the attack. They assured users that the issue was resolved.
Moreover, the team also mentioned that only one user was impacted by this attack and every other user was safe.
When USDT is deposited into the Blast Bridge, it is converted to DAI in the deposit tx. A misconfigured slippage param on the UI lead to 1 user receiving 100k less DAI than they should have across 2 txs. This issue has been fixed. We will send the affected user the amount lost…
— Blast (@Blast_L2) November 30, 2023
Realistic or not, here’s ARB’s market cap in BTC’s terms
Blur, the popular NFT marketplace, is closely associated with the Blast project. Its token has seen many ups and downs due to its proximity to Blast.
However, in the last 24 hours, BLUR surged by 7.89%. At press time it was trading at was trading at $0.519.