EXcommunity Smart Contract Vulnerability
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
EXCommunity is a community for ex-lovers to connect together. On May 28th, the smart contract suffered an attack, which netted the attacker $37k. The exact mechanism of the attack has not yet been published. The EXCommunity made a post about continuing if bugs were found, but did not officially acknowledge or provide any postmortem of the bug, nor have they promised any compensation for anyone who may have been affected.[1][2][3][4][5][6][7][8][9][10]
About EXCommunity
"Join EX Community: where past meets future! Reconnect, heal, and grow in a safe, friendly space. Find new friends or rekindle old flames. Come rediscover yourself with us!"
"Dive into the world of emotions with EX Community's latest innovation: the largest meme coin community for emotional connections! Join us as we link the past, seize the present, and embrace the future together."
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
"According to monitoring by the SlowMist security team, EXcommunity on BNBChain is suspected of being attacked, resulting in a loss of approximately $37,000."
| Date | Event | Description |
|---|---|---|
| May 2nd, 2024 9:08:00 AM MDT | EXCommunity posts for the first time on Twitter to promote. | |
| May 18th, 2024 4:50:00 AM MDT | Fake Telegram Group | The comunity is targeted by a fake Telegram group. |
| May 28th, 2024 12:05:33 PM MDT | Attack Transaction | The attack transaciton happens which drains the funds. |
| May 28th, 2024 12:40:00 PM MDT | Another Promotional Tweet | EXCommunity posts again to promote their group. |
| May 28th, 2024 8:49:00 PM MDT | SlowMist Tweet | SlowMist posts a tweet about identifying suspicious activity related to the EXcommunity smart contract. |
| May 28th, 2024 10:09:00 PM MDT | ChainAegis Tweet | ChainAegis tweets an analysis which includes a review of the transaction and the loss amount of $37k. |
| May 29th, 2024 1:58:00 AM MDT | EXCommunity Update | EXCommunity posts an update about how, even if they encounter bugs, they will continue to move forward. There is no mention that a bug actually happened. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
37k ChainAegis and SlowMist.
The total amount lost has been estimated at $37,000 USD.
Immediate Reactions
"According to monitoring by the SlowMist security team, EXcommunity on BNBChain is suspected of being attacked, resulting in a loss of approximately $37,000."
Ultimate Outcome
"The EX community is moving forward in an innovative mode. Even if we encounter bugs, we will quickly fix them and prepare to launch a new platform. At the end of June, the APP will be launched soon! The international community will kick off in Kuala Lumpur on June 20, where we will welcome families to join us on our journey at the end of July. Wait patiently, wonderful things are about to appear!"
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ SlowMist Hacked - SlowMist Zone (Jun 12, 2024)
- ↑ @SlowMist_Team Twitter (Jun 14, 2024)
- ↑ @EXcommunity2024 Twitter (Jun 14, 2024)
- ↑ @EXcommunity2024 Twitter (Jun 14, 2024)
- ↑ @EXcommunity2024 Twitter (Jun 14, 2024)
- ↑ @EXcommunity2024 Twitter (Jun 14, 2024)
- ↑ @ChainAegis Twitter (Jun 14, 2024)
- ↑ BNB Chain Address 0xb1de...495758 | Blockchain Explorer | OKLink (Jun 14, 2024)
- ↑ @EXcommunity2024 Twitter (Jun 14, 2024)
- ↑ BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Jun 14, 2024)