In a startling turn of events, the Shido blockchain, a layer-1 entity, witnessed a dramatic plunge in its token value, nosediving by up to 94% within a mere half-hour. This sharp decline was attributed to a significant exploit targeting its staking contract based on Ethereum.
Exploit Details and Immediate Aftermath
PeckShield, a reputable blockchain security company, was among the first to raise the alarm about the plummeting token value through a post on February 29. They detailed that an exploiter had cunningly transferred the control of Shido’s Ethereum staking contract to a new address. This new owner then proceeded to update the contract with a covert function that enabled the withdrawal of staked tokens.
In a subsequent disclosure, PeckShield revealed that the attacker had successfully extracted over 4.3 billion Shido tokens. This amount represented nearly half of the circulating supply, which is almost 9 billion tokens according to CoinGecko. Prior to the devaluation, the stolen tokens had an approximate value of $35 million.
ZachXBT, a pseudonymous on-chain researcher, shared insights on the funding origins of the exploiter’s wallet. The initial funds were traced back to the cross-chain protocol Layerswap, followed by transfers from the Arbitrum blockchain. ZachXBT’s investigation also hinted at the identification of the wallet owner responsible for funding the exploiter, suggesting that this individual’s assets were abruptly transferred, indicating a potential hack, prior to financing the exploiter.
Response and Measures Taken by Shido
In the wake of the incident, the Shido team swiftly issued an official statement. They assured that measures had been taken to mitigate any further threats and initiated an in-depth investigation into the breach. They also extended an olive branch to the hacker, proposing negotiations for a bounty in exchange for the return of the stolen assets. Furthermore, Shido committed to reimbursing users who had staked their tokens, ensuring them of their asset’s return.
Shido, yet to debut its mainnet, had previously announced an impending launch set for the week following February 24. The blockchain promotes SHIDO, an ERC-20 token on Ethereum, offering an 8% annual yield through staking on its decentralized exchange (DEX), as stated on its website.
At the time of reporting, Shido had not responded to inquiries regarding the exploit.
The Broader Context: Crypto Exploits in the Current Year
The incident involving Shido is part of a broader trend of crypto-related security breaches. The previous year witnessed over 600 such incidents, with losses amounting to $2.1 billion—a decrease of nearly 30% from 2022. January of the current year alone saw 30 attacks, with a cumulative loss of $182.5 million. February is shaping up to be another significant month for crypto exploiters, highlighted by a $290 million theft from PlayDapp, alongside several million dollars lost to wallet breaches and phishing scams.
Shido Exploit and Crypto Security Trends
| Event/Statistic | Detail |
|---|---|
| Shido Token Value Drop | 94% in 30 minutes |
| Shido Tokens Withdrawn | Over 4.3 billion |
| Value of Stolen Tokens (Pre-Drop) | Approx. $35 million |
| Total Crypto Hacks Last Year | Over 600 |
| Losses Last Year | $2.1 billion |
| January Attacks This Year | 30 |
| January Losses This Year | $182.5 million |
| Notable February Exploit | $290 million stolen from PlayDapp |
- PeckShield Alert: Broadcasted the token value drop and the exploit’s nature.
- Exploiter’s Method: Transferred and upgraded the staking contract to withdraw tokens.
- Community and Team Response: Shido team’s commitment to security and user reimbursement.
- Continuing Trend of Crypto Exploits: A broader look at the increasing challenge of securing digital assets in the blockchain ecosystem.
The Shido exploit underscores the persistent vulnerabilities within the blockchain and cryptocurrency sectors. While the swift response from the Shido team is commendable, the incident serves as a stark reminder of the intricate challenges facing blockchain security. It emphasizes the necessity for ongoing vigilance, sophisticated security measures, and community engagement to navigate the complex landscape of cryptocurrency threats.
Featured image credit: Quality Stock Arts via Adobe Stock