Spores Launchpad Staking Pool Update: Lessons Learned and Steps Forward
We are writing this article to provide our valued users with an important update regarding the recent incident involving our staking pool on the Binance Smart Chain (BSC). We sincerely apologize for any inconvenience caused and would like to provide you with a detailed explanation of the incident and the actions we will take to protect our users.
Staking Pool Security Incident Explained
In April, we implemented two new features in our smart contract: setBlacklist and emergencyWithdraw. Unfortunately, we overlooked a flaw that allowed a hacker to exploit the emergencyWithdraw function.
On May 30th, 2023, the hacker (https://bscscan.com/address/0xb0705f2851da3f0eb834da4af1d784d522f99f1a) called the emergencyWithdraw function 322 times, each time collecting 600,592.46 SPO. In total, the hacker was able to steal 193,390,972.57 SPO.
The hacker then swapped all of the stolen SPO for BNB on PancakeSwap and sent the BNB to Tornado.Cash to remove any traces of the stolen funds.
Lessons Learned and Swift Response
This incident serves as a valuable lesson for us. We understand the importance of continuously improving our security measures and protocols. In response to this security breach, we have taken immediate action to prevent similar incidents in the future.
Our team has conducted a thorough review of our smart contract code, addressing the identified flaw and implementing additional security measures. We are committed to ensuring that your assets remain secure and that you can continue participating in staking activities with confidence.
We have also decided to reimburse affected users with the equivalent amount of stolen tokens. We will reach out to each affected user individually with comprehensive information about this process. Our support team is readily available to assist you with any questions or concerns you may have during this process.
We want to assure you that the number of tokens exploited in this incident is equivalent to only 4% of the total token supply. Moreover, this incident has reinforced our commitment to strengthening our security measures and improving our protocols.
We appreciate your understanding, ongoing support, and trust as we continue to work tirelessly to provide you with a secure and reliable platform for your staking activities.
Thank you for your patience and continued support!