- CertiK has commented on yesterday’s attack against Axion (AXN).
- The auditing firm says that the attack was likely carried out by someone responsible for deploying Axion’s contracts.
- The hacker stole $27 million of AXN tokens during the attack.
CertiK, a blockchain auditing outfit, has commented on yesterday’s Axion hack, revealing that the attacker exploited the project’s third-party dependencies. The auditors added that someone within the project likely carried out the attack.
Insiders Likely Led Axion Attack
According to a HackMD article published by CertiK, the attack was “planned from the inside.”
Actors involved in the Axion project injected malicious code prior to Axion’s deployment by altering its OpenZeppelin dependencies. The injected code allowed the attacker to freely mint 80 billion AXN tokens.
Since the code was injected at the deployment stage, CertiK’s original audit of the code failed to prevent the attack.
Yvan Nasr, CertiK’s head of professional service, told Crypto Briefing that Axion likely “merged the code of the project with the right dependencies together and then manually inserted their malicious code in the OpenZeppelin dependency prior to deployment.”
Alex Papageorgiou, security engineer at CertiK, added that “the deployers were most likely Axion members, as whoever deployed the contracts could also set special owners roles … so they already were considered trusted”.
CertiK has not speculated on the precise identity of the attacker. However, it believes that the attack “could have only been done by those deploying the project.”
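Because the code was changed between audit and deployment, one practical control is to record a hash manifest of the audited source tree, dependencies included, and refuse to deploy anything that differs from it. The sketch below is an added example, not code from CertiK or Axion; the file paths, contents and function names are constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(tree: dict) -> dict:
    """Record path -> SHA-256 for every file in the audited source tree."""
    return {path: digest(data) for path, data in tree.items()}

def diff_against_audit(manifest: dict, deploy_tree: dict, prefix: str = "") -> list:
    """Return (status, path) for files under `prefix` that differ from the audit."""
    findings = []
    for path, data in sorted(deploy_tree.items()):
        if not path.startswith(prefix):
            continue
        if path not in manifest:
            findings.append(("added", path))       # file the auditors never saw
        elif digest(data) != manifest[path]:
            findings.append(("modified", path))    # content changed after audit
    for path in sorted(manifest):
        if path.startswith(prefix) and path not in deploy_tree:
            findings.append(("missing", path))     # audited file dropped
    return findings

# Constructed sample trees (hypothetical paths and contents).
AUDITED = {
    "contracts/Token.sol": b"contract Token { }\n",
    "vendor/openzeppelin/Lib.sol": b"library Lib { }\n",
}
DEPLOY = {
    "contracts/Token.sol": b"contract Token { }\n",
    # Same path as the audited dependency, but one line was appended.
    "vendor/openzeppelin/Lib.sol": b"library Lib { }\n// constructed change\n",
    "vendor/openzeppelin/Extra.sol": b"contract Extra { }\n",
}

def check_sample() -> list:
    # Only the dependency directory is inspected here; pass "" to check everything.
    return diff_against_audit(build_manifest(AUDITED), DEPLOY, prefix="vendor/")

if __name__ == "__main__":
    for status, path in check_sample():
        print(f"{status:9} {path}")
```

The manifest only helps if it is produced from the commit the auditors reviewed and stored where the deployer cannot rewrite it.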
$27 Million of AXN Stolen
The exploit against Axion allowed the unknown attacker to mint 80 billion AXN tokens, then sell those tokens on the Uniswap exchange. Prior to the attack, that amount was worth $27 million, though the token’s price has now collapsed to $0.
To prepare for the attack, the hacker circulated 2.1 ETH on Tornado.cash for privacy. The attacker also purchased 700,000 HEX2T tokens as part of a “smokescreen,” CertiK says.
Though the attack was sizable in terms of its dollar value, it is notable primarily because the hacker followed an unusual line of attack. It remains to be seen if hackers can imitate this line of attack and carry it out against other blockchain projects.