$20 000 USD

MAY 2022

GLOBAL

HONEYSWAP

DESCRIPTION OF EVENTS

"Honeyswap is a Decentralized Exchange" "Honeyswap is comprised of liquidity pool contracts deployed to multiple EVM compatible chains which share common frontend interfaces that are maintained by the 1Hive community. Currently Honeyswap supports xDai and Polygon, but plans to expand support to other EVM chains and rollups in the future.

 

Honeyswap uses a multi-token model to manage the balance between Global and Local incentives. Development, support, and maintainence work that has Global benefits are funded using Honey from 1Hive's common pool. Farming Rewards, where benefits are localized to a one supported chain use a Comb token which can be valued as a derivative of the volume on that specific chain.

 

Swap fees on Honeyswap are split 1/12 to Honey, 1/12 to the local Comb token for that chain, and 5/6 directly to the pool of liquidity providers facilitating the swap."

 

"Do not use Honeyswap to make transactions right now! Most probably a front-end error on our side is causing transactions to lead to a malicious address."

 

"Anyone that used honeyswap in the past 2 days please go to https://revoke.cash and make sure you have no approvals to an address you do not know. Specially look for ⚠️0xD3888a7E6D6A05c6b031F05DdAF3D3dCaB92FC5B"

 

"We are happy to let you know that we've recovered http://Honeyswap.org domain and you should be able to use it now VERY IMPORTANT- Clear you cache, check if you have this quote from Marcus Aurelius (as shown on image) and not pulling some older cached version."

 

"Honeyswap domain has been hijacked. We are currently working with domain provider if we can get ASAP access to domain and return everything on place from before. If you know someone who used Honeyswap in past 2 days notify them and do not trade on honeyswap."

 

"We will create proposal to reimburse those who lost funds due to this unfortunate event, total funds lost are less than 20K$ so it should not be a problem for @1HiveOrg to support this proposal on our @gardensdao governance platform."

Decentralized exchange HoneySwap used and trusted GoDaddy for their domain name services. One day, an attacker managed to convince GoDaddy to modify the hostnames of the domain, directing the domain name to their own server, where they hosted a malicious replica of the HoneySwap website. Users who tried to interact with the HoneySwap website would be interacting with the malicious version, which routed their funds to the attacker's wallet. In total, the attacker was able to take $20,000 worth of funds before the domain could be fully rerouted back to the proper server. The HoneySwap team reported that they would be compensating all affected users.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.