Shido Blockchain Token Plummets 94% in Minutes

In a startling turn of events, the native token of layer-1 blockchain Shido experienced a staggering 94% drop within 30 minutes following a critical exploit on its Ethereum-based staking contract. The incident, flagged by blockchain security firm PeckShield in a February 29th post, sent shockwaves through the crypto community.

PeckShield, a reputable name in blockchain security, sounded the alarm after detecting the exploit. According to their findings, an attacker successfully transferred Shido’s Ethereum staking contract to another address. Subsequently, the contract was upgraded with a concealed function allowing the withdrawal of staked tokens. The exploit resulted in the withdrawal of over 4.3 billion Shido tokens, amounting to nearly half of the circulating supply valued at approximately $35 million before the plunge.

Hi @ShidoGlobal There is a sudden owner transfer to 0x1982. The new owner immediately upgrades the StakingV4Proxy contract with a hidden withdrawToken() function. This hidden function is then called to withdraw all 4,353,473,223.864904 $SHIDO.

Here are related txs:
– owner… https://t.co/TZ6oMDGwMG pic.twitter.com/VGZtyg9PEf

— PeckShield Inc. (@peckshield) February 29, 2024

Delving further into unraveling events, pseudonymous on-chain researcher ZachXBT shed light on the origins of the exploit. The attacker’s address was traced to funds initially bridged from the cross-chain protocol Layerswap and subsequently from the Arbitrum blockchain. Notably, ZachXBT also claimed to have uncovered the real identity of the wallet owner responsible for funding the exploit. However, this individual also appeared to have fallen victim to a separate hack, with assets mysteriously transferred before funding the exploiter.

Response from Shido team

Promptly responding to the crisis, the Shido team issued an official announcement, assuring users of measures to mitigate further threats against the protocol. Initiating an investigation into the breach, Shido urged the hacker to negotiate, offering a bounty for cooperation. Additionally, the protocol vowed to return assets to users who had staked their tokens.

Shido, a layer-1 proof-of-stake blockchain, had been on the brink of launching its mainnet, as announced in a post on February 24th. The project’s native token, SHIDO, operated as an Ethereum-based ERC-20 token, offering an attractive 8% annual yield for staking on the connected decentralized exchange (DEX).

Despite repeated attempts, Shido did not respond to requests for comment regarding the contract exploit.

Escalating crypto hacks

The incident adds to a growing tally of crypto-related hacks, underscoring persistent vulnerabilities within the ecosystem. According to PeckShield, 2023 witnessed over 600 crypto hacks, resulting in $2.1 billion in losses, marking a slight decrease from the previous year. However, the trend seems to persist in 2024, with January alone witnessing 30 attacks resulting in losses totaling $182.5 million.

As February draws to a close, exploiters continue to make headlines, with notable incidents, including the theft of $290 million from PlayDapp, alongside several million dollars pilfered through wallet breaches and phishing scams.

The exploit on Shido’s staking contract is a stark reminder of the inherent risks associated with decentralized systems. As the crypto space navigates turbulent waters marked by escalating threats, stakeholders are urged to remain vigilant and adopt robust security measures to safeguard against potential breaches. Amidst the aftermath of the incident, the broader community eagerly awaits further developments and the implementation of enhanced safeguards to fortify the resilience of blockchain ecosystems.