Warning! “ApeCoin” hit by a 27 million baht flash loan attack through an Airdrop event vulnerability.

Certik Alert (@CertikAlert), an account that posts alerts about hacks, rug pulls, and more for the crypto community, reported that “ApeCoin” was hit by a flash loan attack via its airdrop event, totaling 293 ETH or 27 million baht.

Certik Alert described the incident as follows:

1. The attacker purchases BAYC No. 1060 from OpenSea and uses it as the fee to flash-loan 5.2 BAYC tokens from the “NFTX Vault”.

2. The attacker then uses the flash-loaned BAYC tokens (from step 1) to redeem BAYC NFTs (the NFT token IDs are 7594, 8214, 9915, 8167, and 4755).

3. The attacker then receives 60,564 ApeCoin tokens as the Airdrop reward and exchanges almost all of the $APE for ETH.

4. Finally, the attacker mints the BAYC NFTs (obtained through the flash loan) back into BAYC tokens to repay the flash loan and the fee.

The function getClaimableTokenAmountAndGammaToClaim() in the AirdropGrapesToken contract (used in this Airdrop event) lets BAYC holders calculate the number of coins they can claim. It takes into account only the “Amount of BAYC” held, not the “Hold Period”, which makes it a loophole that a flash loan can exploit.
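A simplified Python model of the flaw described above, added here as an illustration and not taken from the AirdropGrapesToken contract: one claim routine counts only the NFTs held at claim time, the other checks ownership at an earlier snapshot block. The class names, token IDs, reward value, and snapshot block are all assumptions made for the example.

```python
# Simplified model, not the AirdropGrapesToken contract: eligibility from
# the live balance versus a snapshot. All names and values are constructed.
PER_NFT = 100          # constructed reward per NFT
SNAPSHOT_BLOCK = 10    # constructed block at which holdings are frozen
IDS = (1, 2, 3)        # constructed token ids

class NftLedger:
    def __init__(self):
        self.owner = {}      # token_id -> current owner
        self.history = {}    # block -> {token_id: owner} at end of block

    def transfer(self, to, ids):
        for token_id in ids:
            self.owner[token_id] = to

    def seal_block(self, block):
        self.history[block] = dict(self.owner)

    def held_now(self, who):
        return [t for t, o in self.owner.items() if o == who]

    def held_at(self, who, block):
        return [t for t, o in self.history[block].items() if o == who]

class Airdrop:
    def __init__(self, ledger, use_snapshot):
        self.ledger, self.use_snapshot = ledger, use_snapshot
        self.claimed = set()  # token ids that already paid out

    def claim(self, who):
        if self.use_snapshot:   # hardened: ownership at a past block
            tokens = self.ledger.held_at(who, SNAPSHOT_BLOCK)
        else:                   # weak: only the amount held right now
            tokens = self.ledger.held_now(who)
        fresh = [t for t in tokens if t not in self.claimed]
        self.claimed.update(fresh)
        return PER_NFT * len(fresh)

def simulate(use_snapshot):
    """A temporary holder takes the tokens, claims, and returns them."""
    ledger = NftLedger()
    ledger.transfer("vault", IDS)
    ledger.seal_block(SNAPSHOT_BLOCK)
    airdrop = Airdrop(ledger, use_snapshot)
    ledger.transfer("temp", IDS)          # held only for the claim
    paid_temp = airdrop.claim("temp")
    ledger.transfer("vault", IDS)         # handed straight back
    return paid_temp, airdrop.claim("vault")
```

With the live-balance check the temporary holder collects the full reward and the long-term holder is left with nothing to claim; with the snapshot check the result is reversed.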

The post Warning! “ApeCoin” flash loan from Airdrop event damages 27 million baht, appeared first on Bitcoin Addict.

