BleepingComputer reports that Level Finance has lost nearly $1.1 million worth of LVL tokens in a hack that involved the exploitation of a smart contract vulnerability just after the decentralized perpetual exchange underwent two security audits.
No impact has been reported to Level Finance's liquidity pool and DAO treasury but the attack has prompted an almost 50% decline in LVL token value, according to Level Finance, which also noted that the exploit has not affected other contracts.
Both PeckShield and BlockSec noted the presence of a logic vulnerability in the compromised "LevelReferralControllerV2" smart contract's claimMultiple functionality, which enabled repeated claims of referral rewards within the same time period.
"Specifically, the claim reward was determined by the tier of referral and reward points, hence the attacker made the following preparation: 1) creating and setting many referrals; 2) using flashloan to perform dozens of swap (the reward was updated in the postSwap function)," said BlockSec in a tweet.
Hamas spokesperson Hudhayfa Samir Abdallah al-Kahlut, also known as "Abu Ubaida," has been sanctioned by the U.S. Treasury Department for his leadership of the group's cyber influence operations, reports The Record, a news site by cybersecurity firm Recorded Future.
TechCrunch reports that U.S. conservative think tank The Heritage Foundation was working on addressing a cyberattack against its systems last week, but investigation into whether any of its data was compromised is still underway.
Iranian state-backed threat operation MuddyWater, also known as TA450, Mango Sandstorm, and Boggy Sandstorm, has leveraged the novel DarkBeatC2 command-and-control infrastructure tool as part of its latest attack campaign, The Hacker News reports.