CashVerse BNB To AdaCash DepositBNB Sandwich Attack
About CashVerse
CashVerse is a platform designed to provide users with multiple streams of passive income through the cryptocurrency market. The project focuses on transparency, integrity, and utility, aiming to offer safe and long-term investment opportunities. By offering services like staking, token holding, and access to a range of crypto tools, CashVerse strives to keep users updated and informed about market trends. The platform also includes a portfolio tracker, real-time crypto news, and marketing services, helping users stay connected to the latest developments in the crypto space.
One of the key features of CashVerse is its use of in-house tools and services, including "Crypt2Date," a platform for crypto research, and the "SignalBot," a Telegram bot that provides security-checked investment signals across multiple chains. Users can personalize their signal preferences, from more speculative options to the most secure recommendations. The platform encourages a community-focused approach to financial freedom, emphasizing the importance of embracing market dips for long-term rewards. CashVerse aims to build a strong and engaged community while offering a safe and reliable environment for crypto enthusiasts to invest and earn passive income.
CashVerse differentiates itself by leveraging lessons learned from its predecessor, FortuneCash, and incorporating features like strategic taxation and staking mechanisms. The platform uses an 8% buy/sell/transfer tax, which is split between 4% for spots and 4% for ADACash/SOLCash. The launch date is given as July 5th, 2024. CashVerse aims to create a comprehensive ecosystem with multiple avenues for earning passive income, such as staking and token holding, while driving value to its associated tokens. The platform encourages users to join its community and benefit from its extensive partnerships.
The Reality
The CashVerse smart contract had vulnerabilities.
The depositBNB function in contract 0x2d70 lacks access control and proper slippage protection, allowing anyone to swap BNB in the contract for ADAcash. The attacker exploited this via a sandwich attack.
Additionally, there's a minor issue: the transfer function of ADAcash contains multiple swaps, all lacking slippage protection. By exploiting this, the attacker reclaimed swap fees and maximized profits by sandwiching the WBNB/ADA swap.
What Happened
The CashVerse smart contract was exploited, resulting in an estimated loss of $107.9k USD.
| Date | Event | Description |
|---|---|---|
| January 14th, 2025 5:29:00 AM MST | Last Tweet From CashVerse | The last tweet from CashVerse on their Twitter/X account, advertising a trading bot for users. |
| February 7th, 2025 12:59:25 PM MST | Original Transaction Out Of Gas | The original attack transaction by the individual who discovered the vulnerability ran out of gas. |
| February 7th, 2025 12:59:28 PM MST | Transaction Frontrunning Done | The transaction was front-run. This transaction by the front-runner is successful. |
| February 7th, 2025 8:11:00 PM MST | TenArmor Publishes Analysis | TenArmor posts a public analysis of the exploit transaction, revealing that the original attack was frontrun due to running out of gas. The vulnerability was found in the depositBNB function of contract 0x2d70, which lacked access control and slippage protection, allowing the attacker to exploit it via a sandwich attack. Additionally, the transfer function of ADAcash contained multiple swaps with no slippage protection, enabling the attacker to reclaim swap fees and maximize profits. |
| February 8th, 2025 12:17:00 AM MST | SlowMist Security Alert | "SlowMist Security Alert We detected potential suspicious activity related to @CashverseLLC. As always, stay vigilant!" |
| February 8th, 2025 12:19:00 AM MST | CashVerse Response Tweet | CashVerse responds to SlowMist "that was very Strange Yesterday" and it "[s]eemed Like a flashloan Attack or idk.. didnt make any sense". |
| February 8th, 2025 12:33:00 AM MST | TenArmor Tags CashVerse | TenArmor responds to their original tweet with a tag for CashVerse's Twitter/X account. Now they manage to get CashVerse's attention. |
| February 8th, 2025 12:39:00 AM MST | CashVerse Defensive Tweet | "Also WE Here since 3 years.. 2 years with almost No Volume very profitable scam" |
| February 8th, 2025 1:53:00 AM MST | Untitled Event | |
Technical Details
"Our system has detected a suspicious sandwich attack involving an old unverified contract 0x2d70 and #ADAcash @adacashbsc on #BSC, resulting in an approximately loss of $107.9K.
It seems that the original attack transaction was frontrun due to running out of gas.
The depositBNB function in contract 0x2d70 lacks access control and proper slippage protection, allowing anyone to swap BNB in the contract for ADAcash. The attacker exploited this via a sandwich attack.
Additionally, there's a minor issue: the transfer function of ADAcash contains multiple swaps, all lacking slippage protection. By exploiting this, the attacker reclaimed swap fees and maximized profits by sandwiching the WBNB/ADA swap."
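The two flaws named in the analysis above, modelled as an added example that is not code from contract 0x2d70 (which is unverified) or from TenArmor. The pool reserves, the 0.25% fee, the 1% tolerance, the "keeper" owner and the function names are all assumptions made for illustration. It shows what a swap with no minimum output receives once the pool price has moved, and how an owner check plus a minimum-output bound makes the same call revert instead.

```python
from dataclasses import dataclass

FEE_NUM, FEE_DEN = 9975, 10000  # assumed 0.25% pool fee (not from the page)
BPS = 10_000

class Reverted(Exception):
    """Stands in for an on-chain revert."""

@dataclass
class Pool:
    """Constant-product pair; reserves are constructed whole-unit values."""
    bnb: int
    token: int

    def quote(self, bnb_in: int) -> int:
        a = bnb_in * FEE_NUM
        return a * self.token // (self.bnb * FEE_DEN + a)

    def swap(self, bnb_in: int, min_out: int) -> int:
        out = self.quote(bnb_in)
        if out < min_out:
            raise Reverted(f"output {out} below minimum {min_out}")
        self.bnb += bnb_in
        self.token -= out
        return out

def deposit_bnb(pool, caller, bnb_in, *, owner=None, min_out=0):
    """Hypothetical contract-side swap. The defaults model the reported flaws:
    owner=None is missing access control, min_out=0 is no slippage bound."""
    if owner is not None and caller != owner:
        raise Reverted("caller is not authorised")
    return pool.swap(bnb_in, min_out)

def scenario(hardened: bool):
    pool = Pool(bnb=1_000, token=1_000_000)   # constructed reserves
    fair = pool.quote(50)                     # reference quote before the price moves
    pool.swap(200, 0)                         # earlier trade in the block shifts the price
    # Assumption: the bound comes from a reference the pool cannot skew in the
    # same transaction (caller-supplied quote or an oracle), here `fair` less 1%.
    kwargs = {"owner": "keeper", "min_out": fair * (BPS - 100) // BPS} if hardened else {}
    try:
        return fair, deposit_bnb(pool, "keeper", 50, **kwargs)
    except Reverted:
        return fair, None                     # swap refused, funds stay in the contract
```

With these constructed numbers the unprotected call accepts roughly 30% fewer tokens than the reference quote, while the hardened call reverts.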
Total Amount Lost
TenArmor reports "resulting in an approximately loss of $107.9K."
The total amount lost has been estimated at $108,000 USD.
Immediate Reactions
It does not appear that CashVerse has posted on their Twitter account since January 2024. However, CashVerse replied and engaged with multiple smart contract auditing firms including SlowMist and TenArmor.
Ultimate Outcome
CashVerse has never made any public announcements about the exploit or what happened. It is unclear what may have happened behind the scenes.
Total Amount Recovered
The total amount recovered is unknown.
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- SlowMist - "SlowMist Security Alert We detected potential suspicious activity related to @CashverseLLC. As always, stay vigilant!" - Twitter/X (Accessed Mar 20, 2025)
- CashVerse Homepage (Accessed Mar 20, 2025)
- About CashVerse Token (Accessed Mar 20, 2025)
- CashVerse - "C2D Tradingbot is here for YOU! Trade tokens on ETH, BSC, ARB, BASE, and MATIC Monitor profits directly in Telegram Start trading today" - Twitter/X (Accessed Mar 20, 2025)
- CashVerse - "Yeah that was very Strange Yesterday. Seemed Like a flashloan Attack or idk.. didnt make any sense" - Twitter/X (Accessed Mar 20, 2025)
- CashVerse - "Also WE Here since 3 years.. 2 years with almost No Volume very profitable scam" - Twitter/X (Accessed Mar 20, 2025)
- TenArmor - "Our system has detected a suspicious sandwich attack involving an old unverified contract 0x2d70 and #ADAcash @adacashbsc on #BSC, resulting in an approximately loss of $107.9K." - Twitter/X (Accessed Mar 20, 2025)
- CashVerse Linktree (Accessed Mar 20, 2025)