Igor Igamberdiev, the esteemed head of research at Wintermute, a prominent market maker, recently shared a detailed account of a fraudulent attempt to execute a governance attack on Swerve Finance, a decentralized finance (DeFi) platform.
According to Igamberdiev, the perpetrator made several unsuccessful attempts in the past week to pilfer more than $1 million of stablecoins from the protocol. However, the platform’s robust governance structure and the proactive measures taken by the community thwarted the scammer’s nefarious intentions.
According to the researcher, Swerve Finance is fueled by Aragon, and the platform’s users rely on veSWRV to carry out their proposals. However, the attacker’s possession of 495,000 veSWRV tokens falls short of the 571,000 tokens needed to execute proposals.
The tweets presented a comprehensive chronology of the occurrences that culminated in the assault, encompassing correspondences exchanged among various addresses, cryptocurrency transactions, and endeavors to devise proposals for the transfer of platform ownership. Ultimately, Igamberdiev posited that the perpetrator may have been the proprietor of the “Silvavault” address, identified by the Twitter handle @joaorcsilva.
Furthermore, the researcher urged the community to safeguard Swerve from potential assaults by transferring ownership to the null address. This address is impervious to access or control, thereby fortifying the platform’s decentralization and thwarting future attacks.
MyAlgo, the esteemed crypto wallet, has recently disclosed the initial outcomes of its ongoing inquiry into a security breach that occurred on its wallet service last month. The findings are a testament to the company’s commitment to transparency and accountability as it strives to maintain the highest level of security for its users.
Per the report, the perpetrators employed a man-in-the-middle attack methodology to capitalize on MyAlgo’s content delivery platform (CDN) and establish a malevolent proxy. MyAlgo asserted that the proxy subsequently tampered with the authentic code by introducing malicious code, presenting a corrupted version to users who accessed the wallet.
