QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$65 000 USD
JANUARY 2025
GLOBAL
AST
DESCRIPTION OF EVENTS
The AST token was launched on the Binance Smart Chain on January 17th.
Unfortunately the smart contract was launched with a vulnerability which could be exploited by removing liquidity. When remove liquidity from pancake pair, AST token decreases pancake pair balance and burn tokens of pancake pair, not increase user's balance. This means AST token balance of pancake pair decreased 2 times.
"AST token on BSC was hacked because of wrong transfer logic. When remove liquidity from pancake pair, AST token decreases pancake pair balance and burn tokens of pancake pair, not increase user's balance. This means AST token balance of pancake pair decreased 2 times."
"Hacker exchanged a huge amount of USDT to AST, small amount of AST remained in pancake pair. Then, he transferred some USDT and AST to pancake pair, and called "skim", AST balance of pancake pair decreased to 1. Then, he was able to drain all USDT using a few AST tokens. He gained $65k."
SlowMist: "Amount of loss: $ 64,700"
Nick L Franklin: $65k.
"According to monitoring by the SlowMist security team, AST was allegedly attacked on BSC."
"SlowMist Security Alert We detected potential suspicious activity related to $AST. As always, stay vigilant!"
"The attacker has transferred the funds to Tornado.Cash."
The AST token, launched on the Binance Smart Chain on January 17, 2025, was exploited due to a vulnerability in its smart contract. The issue involved the removal of liquidity from the PancakeSwap pair, which resulted in a decrease in the AST token balance rather than increasing the user's balance. A hacker took advantage of this flaw by exchanging a large amount of USDT for AST, draining around $65k from the liquidity pool by exploiting the token’s transfer logic. The attacker transferred the funds to Tornado.Cash. The exploit was detected and monitored by SlowMist, TenArmorAlerts, and Nick L Franklin, who published further information. It is unclear who runs the AST token and whether any assistance has been made available for affected users.
SlowMist - "SlowMist Security Alert We detected potential suspicious activity related to $AST. As always, stay vigilant!" - Twitter/X (Mar 11)
AST Token Smart Contract - BSCScan (Mar 11)
AST Token Launch Transaction - BSCScan (Mar 11)
Exploit Transaction - BSCScan (Mar 11)
Nick L Franklin - "AST token on BSC was hacked because of wrong transfer logic. When remove liquidity from pancake pair, AST token decreases pancake pair balance and burn tokens of pancake pair, not increase user's balance. This means AST token ba...ter/X (Mar 11)
https://app.blocksec.com/explorer/tx/bsc/0x80dd9362d211722b578af72d551f0a68e0dc1b1e077805353970b2f65e793927 (Mar 11)
AST token hacked. – Defi hack analysis (Mar 11)
Audit911 - "Now you can find a vulnerability worth ~60k in just 5 minutes. AI auditing subverts the industry." - Twitter/X (Mar 11)
Ten Armor Alert - "Our system has detected a suspicious attack involving #AST on #BSC, resulting in an approximately loss of $64.7K." - Twitter/X (Mar 11)
Another Transaction By Attacker - BSCScan (Mar 11)
AST( AST ) Price and Market Stats | TheBitTimes.Com (Mar 11)
https://apespace.io/bsc/0xc10e0319337c7f83342424df72e73a70a29579b2 (Mar 11)
