Around 30 days ago, we experienced an exploit caused by the Profanity attack, as discovered by 1inch in this article: A vulnerability disclosed in Profanity, an Ethereum vanity address tool.
Similar cases:
Dappnode $165k exploit, private key generated using fork of Profanity
Rubic $200k exploit, admin private key compromised
We had anticipated the potential exploit by moving on from some of the internal wallets and the deployer; unfortunately, we missed 2 wallets that were being used as the initial minter/tester for FLT contracts on Binance Smart Chain.
Currently, all FLT contracts deployed on Binance Smart Chain are not within our control. Luckily, due to our security design, the exploiter can’t access the existing minted FLT tokens, since our contract doesn’t control the FLT tokens directly. Even the FLT contract owner cannot steal users’ funds. All users’ funds are safe, and the loss is only within Risedle-controlled wallets.
The exploit only affects our FLT product on BSC; the old version of the leveraged token on Arbitrum is safe.
We estimate a loss of around 1600 BUSD to this Profanity attack.
Below are the exploited wallets:
We also advise anyone who is still holding FLT on BSC to redeem back into BUSD as soon as possible. We also can’t determine whether we will redeploy the current FLT token on BSC anytime soon.
Please contact us on Discord if you have any problems with the redeem process.
What we have learned from this incident is that our wallet monitoring tooling is still lacking. Currently only the main dev wallets are monitored. We will fix this in the future.
Stay safe frens.