Crypto token launchpad Team Finance has lost $15.8 million in an exploit as it migrated to v3, despite an audit on the underlying contract.
In a tweet on Thursday, the platform said that around $14.5 million tokens were exploited through the v2 to v3 contract.
“We have temporarily paused all activity through team finance until we are certain this exploit has been remedied. All funds currently on Team Finance are not at further risk of this exploit,” said Team Finance.
On-chain analysis from blockchain security firm PeckShield found that the amount lost in the exploit was closer to $15.8 million. The exploiter in question reportedly cost the attacker only 1.76 ETH worth around $1,600 at the time.
The attacker took advantage of a flawed migrate function to transfer real Uniswap v2 liquidity to a new v3 pair that was controlled by him. The skewed price resulted in a large reward for the exploiter, said PeckShield.
At the time of writing, the stolen funds are still sitting in the wallet address that has now been labeled Team Finance Exploiter. These funds include $6.43 million worth of stablecoin DAI and $1.3 million worth of ETH.
Team Finance has urged the exploiter to contact them for a bounty payment and has since contacted exchanges to prevent him from cashing in from the blacklisted address.
The platform joins a host of others that have found themselves victims of an exploit over the last few weeks. Earlier this month, Mango Markets lost $114 million through a market manipulation exploit, followed shortly by Moola Market that lost $8.4 million in a similar fashion.
A report from blockchain intelligence firm Chainalysis on Oct. 13 found that this month has been the biggest month for hacking activity with over $718 million worth of funds stolen from 11 different hacks.
“At this rate, 2022 will likely surpass 2021 as the biggest year for hacking on record. So far, hackers have grossed over $3 billion dollars across 125 hacks,” said Chainalysis.