QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$450 000 USD
NOVEMBER 2024
GLOBAL
VIRTUALTOKEN
DESCRIPTION OF EVENTS

"The vETH token (VirtualToken) is an ERC-20 token designed to facilitate token lending, wrapping, and unwrapping functionalities. It features a controlled loan mechanism, allowing only authorized factory contracts to call its takeLoanfunction and manage user debt. The token also integrates access control through a whitelist and factory mechanism, ensuring that interactions are limited to approved entities."
"The attack targeted interactions between the vETH token’s takeLoan function and a liquidity-adding function in the Factory contract, which manipulates the state of Uniswap pairs. The attacker leveraged this flaw to acquire vETH tokens without incurring the intended cost."
"The root cause of the hack was a flawed interaction between the takeLoan function in the vETH contract and the liquidity-adding function in the Factory contract. This function allowed state manipulation of Uniswap pools, enabling the attacker to inflate the pool's constant product and mint vETH without proper cost."
vETH is lending contract token with a loan control mechanism which is part of an unknown project on Ethereum. On November 14th, the smart contract was exploited which allowed for cheaper minting of vETH tokens. There is no word on any intended recovery of the funds or reimbursment for affected users.
@SlowMist_Team Twitter (Dec 13)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Dec 13)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Dec 13)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Dec 13)
Decoding Veth Tokens 450k Exploit (Dec 16)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Dec 16)
Slow Fog: Suspicious activity related to vETH detected, users remain vigilant - ChainCatcher (Dec 16)
@PeckShieldAlert Twitter (Dec 16)
@surfer_steve_ Twitter (Dec 16)
ERC-20: vETH (vETH) Token Tracker | Etherscan
(Dec 16)
vETH Token Hack Analysis. Overview: | by Shashank | Nov, 2024 | SolidityScan (Dec 16)
