QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$480 000 USD
DECEMBER 2024
GLOBAL
VESTRADAO
DESCRIPTION OF EVENTS
VestraDAO is a community-driven decentralized organization focused on transforming the finance industry by providing global financial solutions for brokers and investors. Its governance model empowers stakeholders to participate in decision-making processes through token-based voting. Community members can propose, discuss, and vote on key decisions, including electing new board members every three years and voting on proposals related to locked token usage. The governance structure ensures transparency and fairness, creating an inclusive environment where all members have a voice.
The platform emphasizes decentralized governance and transparent financial management through its community-managed treasury. VestraDAO offers a range of features, including Over-the-Counter (OTC) trading, staking rewards, and airdrops, while allowing users to buy VSTR tokens on Uniswap. Community members have the power to vote on partnerships and strategic collaborations, influencing the project’s direction. With a dynamic roadmap, VestraDAO is committed to long-term sustainability, focusing on DeFi solutions and Web3 products to drive financial innovation.
Built on the Ethereum blockchain, VestraDAO combines decentralized finance with blockchain technology, offering secure and accessible financial solutions. The Vestra token (VSTR), which adheres to ERC20 standards, powers the platform’s governance and ecosystem. At the heart of the project is the CMLE NFT Community, a passionate group of 502 members who govern the platform and drive its development. With the DAO mechanism in place, members can propose, vote, and earn passive income, contributing to the project's growth. VestraDAO’s first project, Brolyz, serves as a hub for community interaction, further solidifying the platform’s commitment to decentralization and innovation in the global financial landscape.
The VestraDAO smart contract had a vulnerability in its locked staking contract. Specifically, the "unStake" function failed to properly check whether a user was marked as inactive after unstaking their tokens.
VestraDAO's smart contract contained a flaw in the "unStake" function of its locked staking contract. The function did not properly check if a user was marked as inactive after unstaking, allowing an attacker, who had staked 500,000 VSTR tokens a month prior, to repeatedly call the function. This enabled the attacker to claim more VSTR tokens than they were entitled to. The stolen tokens were then sold on Uniswap, resulting in significant financial losses.
"It appears the unStake function in VestraDAO's staking contract fails to properly check if a user is marked as inactive after unstaking.
An attacker, who staked 500k VSTR tokens a month ago, is now repeatedly calling the unStake function to claim an excessive amount of VSTR tokens."
A hacker had exploited a vulnerability in the locked staking contract, manipulating the reward mechanism to claim excessive rewards. This led to the theft of 73,720,000 $VSTR tokens, which were then sold on Uniswap, resulting in the loss of approximately $500,000 worth of ETH liquidity.
TenArmor initially reported an estimated loss of approximately $378,400. CyversAlert later reported the total loss to be around $480,000.
VestraDAO initially reacted to the hack by swiftly identifying the issue and taking immediate action. VestraDAO blacklisted the locked staking contracts with the approval of 4 out of 7 delegates, disabling any further interactions with these contracts. Additionally, they removed 755,631,188 $VSTR tokens from circulation and reassured the community that they were working on a solution to reallocate the stolen funds to their rightful owners.
"Dear Vestrans,
Yesterday, we faced an unfortunate incident. A hacker exploited a vulnerability in the locked staking contract, manipulating the reward mechanism to claim excessive rewards beyond what they were entitled to. This led to a total of 73,720,000 $VSTR being stolen. The stolen amount was then gradually sold on Uniswap, resulting in the loss of approximately $500,000 worth of #ETH liquidity. However, we quickly identified the issue and took immediate action to blacklist the locked staking contracts with the approval of 4 out of 7 delegates, disabling any further interactions with the contracts. As a result, 755,631,188 $VSTR in the locked staking pools have been removed from circulation, and withdrawals can no longer be made from these contracts.
We acknowledge the impact of this situation on our community. Although users' funds in the locked staking pools are now inaccessible due to this measure, we want to assure you that we are fully committed to reallocating these funds to their rightful owners. The team is currently working diligently to finalize a solution and will share detailed plans in the coming days.
We are deeply grateful for the continued trust and support our community has shown during this process. Having such a strong, resilient, and united community is a great source of pride for us. We are determined to work together to overcome this challenge and deliver the best possible outcome for everyone involved.
While this unfortunate event has caused some price volatility, we are confident that the situation will stabilize soon and that its effects will be mitigated in the short term.
Our mission is to build a robust and sustainable project that will stand the test of time. We continue to work towards this goal with determination and resilience. By building our project on @ethereum, one of the most reliable blockchain networks in the world, we feel the strength of this foundation behind us.
Together, we can achieve stronger and more solid tomorrows.
Remember, as Vestrans, we are strong together, and together we will succeed."
The stolen $VSTR tokens were sold, and the funds were subsequently deposited into TornadoCash.
VestraDAO is providing compensation to affected users by offering 79.6 million VSTR tokens, which includes 4% staking rewards and an additional 1% goodwill compensation, bringing the total to 83.6 million VSTR. This compensation will be distributed to users with locked stakes for 3, 6, and 12 months. The distribution process was expected to be completed by the end of December 2024, and no action was required from users. CMLE NFT holders are responsible for managing the collection phase.
@Vestra_DAO Twitter (Jan 21)
@CyversAlerts Twitter (Jan 21)
@TenArmorAlert Twitter (Jan 21)
Reshaping the Finance with VestraDAO (Jan 21)
Reshaping the Finance with VestraDAO (Jan 21)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Jan 22)
@Vestra_DAO Twitter (Jan 22)
@Vestra_DAO Twitter (Jan 22)
@Vestra_DAO Twitter (Jan 22)
