Skyward Finance, an IDO platform built on the NEAR blockchain, suffered a $3 million exploit that caused its token to crash by 88%.
At around 7:20 pm ET on Nov. 2, the Skyward Finance team notified users that the Treasury had been drained in a smart contract exploit. The team was hit hard by the attack, saying the hack rendered the entire Treasury and its native token SKYWARD “effectively worthless.”
User funds were uncompromised by the hack. Skyward said that current and previous token sales were unaffected by the exploit, relieving token sale participants.
“The contracts are fully locked, meaning that no one can pause or prevent future issues with the $SKYWARD token – not even us. We recommend users to withdraw their funds safely where they can and for the community to no longer interact with Skyward,” tweeted the Skyward team.
The malicious on-chain activity was first noticed by a member of the NEAR community who goes by “Near Scout” on Twitter. After noticing the Treasury drain, he contacted Aurora Lab’s community moderator, Sanket Naikwadi, who confirmed the exploit and alerted the protocols involved.
Naikwadi was also the first to share the news on Twitter, several hours before Skyward Finance issued its own statement addressing the situation. According to his analysis, the hacker withdrew 1.1 million NEAR tokens, worth about $3 million at the time.
The hacker reportedly initiated the attack by buying SKYWARD tokens on DeFi platform Ref Finance and then redeeming it for NEAR through the Skyward Treasury for a much higher value than it was actually worth.