Skyward finance exploit allegedly results in $3 million loss

Skyward finance, an IDO platform enabling fair token distribution for projects on the NEAR Protocol, has reportedly been exploited for 1.1M NEAR tokens, worth an estimated $3 million USD at time of publication. 

The news was shared on Twitter by Aurora Lab's community moderator Sanket Naikwadi, who stated that the exploit was first noticed by a member of the NEAR protocol community, who goes by the handle @Nearscout.

The @skywardfinance was just exploited for ~1.1M $NEAR Tokens (Worth ~3M) . Thnx to @NearScout for noticing the treasury drain, he pinged me asking if something is wrong with skyward... then we looked into contract txns and found out about the exploit and sus txns.smol

— SankΞt Ⓝ⚡️| sanketn81.near ,sanketn81.lens (@sanket_naikwadi) November 2, 2022

According to the series of tweets on the exploit, Ref finance — a community-led multi-purpose DeFi platform built on the NEAR Protocol — and the Skyward team have been notified of the drain.

The exploiter reportedly initiated the drain by buying lots of skyward tokens on Ref Finance, and “then redeemed it through Treasury on Skyward Finance.”, where they appear to have “got lots of NEAR than what 1 SKYWARD was worth”.

Naikwadi cautioned SKYWARD Token holders to redeem or swap their tokens wherever they can, and no longer interact with Skyward Finance, adding that the “Hacker has already withdrawn NEAR to lots of different wallets.”

If you're a SKYWARD Token holder redeem/swap wherever you can and no longer interact with Skyward Finance.Hacker has already withdrawn NEAR to lots of different wallets.Huge shoutout again to @NearScout.also, Shoutout to @pikespeak_ai , it helped a lot in identifying the txns

— SankΞt Ⓝ⚡️| sanketn81.near ,sanketn81.lens (@sanket_naikwadi) November 2, 2022

Related: Barely halfway and October already the biggest month in crypto hacks: Finance Refined

Exploits within the Defi ecosystem appear to be on the rise. Blockchain analytics firm Chainalysis recentlylabeled October 2022 as “the biggest month in the biggest year ever for hacking activity."

On Oct 12, Cointelegraph reported that $100 million worth of cryptocurrency was drained from Solana-based decentralized finance (DeFi) exchange Mango Markets, resulting in its token plunging by 52%. On the same day of the Mango Market’s exploit, TempleDAO was also exploited for $2 million.

This platform turns data into cryptocurrency   Sept. 17, 2021
‘DeFi done right’: Layer-one protocol launches mainnet   July 29, 2021
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'   Feb. 3, 2022
STEPN impersonators stealing users' seed phrases, warn security experts   April 25, 2022
Report: GALA token exploit resulted from public leak of private key on GitHub   Nov. 7, 2022