The vulnerability affected users who had approved the Ember Sword NFT contract, which allowed the attackers to receive approximately 60 WETH. CertiK recommended revoking approval for the relevant contract on the Polygon blockchain as soon as possible.
We have seen an exploit on an unverified Ember Sword NFT auction contract, profiting 60 WETH (~$195K).
The exploiter took advantage of its uninitialized state to claim the owner role and purchase fake NFT with weth from 159 victims who approved allowance.
— CertiK Alert (@CertiKAlert) April 28, 2024
A vulnerability in the Ember Sword NFT contract allowed scammers to manipulate bids and withdraw funds from the service's users. CertiK believes the vulnerability was caused by a bug in the Ember Sword NFT auction contract code.
Fraudulent bids could overlap with real user bids. This led to attackers winning auctions at a reduced price. They could then sell the NFT at a higher price, profiting from the difference.
Earlier, cybersecurity analysts at CertiK reported a sharp increase in financial losses among digital asset holders due to compromised private keys.
Source: Bits
