iVest hit with “null address” exploit, millions of PCs at risk to “un-removable” malware, Web3 gamer tricked into $69K approval: Crypto-Sec.
Crypto scams, hacks and exploits and how to avoid them: Crypto-Sec
Decentralized Finance protocol iVest Finance was the victim of a $156,000 exploit on Aug. 12, according to a report from blockchain security firm QuillAudits.
Transferring tokens to a null address (0x0) usually causes them to be lost forever. However, in the iVest protocol, transfers to the null address cause a _MakeDonation function to be called, which in turn causes the senders balance [to be] incorrectly reduced by double the intended amount, QuillAudits reported.
