Defi Project Thena on BSC Chain Suffers $20,000 Loss in Cyber Attack

03/28/2023 03:48 • AI Insights • 80 views

On March 28th, it was reported that the DeFi project Thena on the BSC chain was attacked, resulting in a loss of approximately $20000, according to the monitoring by the OKLink security team of the Ouke Cloud Chain. According to the security team’s analysis, the main cause of this attack event is that the Strategy contract upgrade introduced some configuration issues, and the unstake function did not perform permission verification, resulting in attackers being able to call the unstake function and pass in parameters_ Beneficiary, unstack the user’s pledged assets to_ Beneficiary address. Taking one of the transactions as an example, the attacker calls the unstake function to set_ Beneficiary is an attack contract that removes user assets and completes the attack.

Thena, the DeFi project on the BSC chain, was attacked, resulting in a loss of approximately $20000

Cybersecurity has always been a major concern in the world of cryptocurrency. In recent years, Decentralised Finance (DeFi) projects have become a prime target for attackers due to the significant amount of money involved. On March 28th the DeFi project Thena suffered a cyber attack resulting in a loss of approximately $20000, according to the monitoring by the OKLink security team of the Ouke Cloud Chain.

What is DeFi?

Before going into the details of the Thena attack, it is important to understand what DeFi is. DeFi is a term used to describe a financial system built on the blockchain that is completely decentralised. It is designed to remove intermediaries like banks and brokers, enabling users to conduct transactions directly with each other, thereby eliminating the need for third-party involvement.

What Happened in the Thena Attack?

According to the security team’s analysis, the main cause of this attack event is that the Strategy contract upgrade introduced some configuration issues. Additionally, the unstake function did not perform permission verification, resulting in attackers being able to call the unstake function and pass in parameters_ Beneficiary, unstack the user’s pledged assets to_ Beneficiary address. Taking one of the transactions as an example, the attacker calls the unstake function to set_ Beneficiary is an attack contract that removes user assets and completes the attack.

Measures to be Taken to Prevent such Attacks

One of the major takeaways from the Thena attack is the importance of upgrading the contract in a safe and secure way. As security experts have suggested, contract upgrades should always be reviewed by at least two individuals with expertise in smart contract development. It is also recommended that developers should use pre-audited contracts or libraries to reduce the likelihood of such attacks. Additionally, developers should conduct a proper audit of their contracts to identify potential vulnerabilities and improve the security of their code.

Conclusion

The Thena attack marks yet another warning sign in the world of DeFi. It is important to understand that the DeFi ecosystem is still in its nascent stages and faces significant security risks. As more and more money flows into the DeFi market, it is paramount that developers and investors work together to ensure the safety and security of this new financial system.

FAQs

**Q1. What is DeFi?**
A. DeFi is a financial system built on the blockchain that is completely decentralised.
**Q2. What happened in the Thena attack?**
A. The attackers were able to call the unstake function and pass in parameters_Beneficiary, unstack the user’s pledged assets to_Beneficiary address, resulting in a loss of approximately $20000.
**Q3. What measures can be taken to prevent such attacks in future?**
A. Developers should use pre-audited contracts or libraries to reduce the likelihood of such attacks. Developers should also conduct a proper audit of their contracts to identify potential vulnerabilities and improve the security of their code.

This article and pictures are from the Internet and do not represent aiwaka's position. If you infringe, please contact us to delete:https://www.aiwaka.com/2023/03/28/defi-project-thena-on-bsc-chain-suffers-20000-loss-in-cyber-attack/

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.