Rabby Wallet Users Get Rugged Via Their Swap Feature
In today's edition of YIYL (You Invest, You Lose) we take a look at another shoddily made product, of which there are many in the shitcoin space. This time it's signing software, more commonly referred to as wallets.
Regardless of what wallet software you're using, if it's a software wallet you've created keys that are stored on your device. This leaves a constant attack vector open, and when a wallet supports multiple tokens and chains that threat multiplies. Now many shitcoiners opt for convenience because they want to manage all their shitcoins in one place, and software wallet providers are responding to that need without thinking much of security.
While many of these wallets are basically just EVM wallets that talk to every copy of ETH, there are a few that offer different chains too, which adds to the complexity of managing such a wallet.
Rabby is one of those, supporting 37 chains, lol what could go wrong, right?
Rabby goes rabid
As I mentioned, Rabby is all about convenience, so it added a swap feature that routes trades through other DEFI protocols, making it easy to trade inside your wallet. The Rabby Swap feature of the crypto wallet was exploited a month after it was first rolled out.
A user discovered an apparent vulnerability in the Rabby Swap smart contract that enabled them to arbitrarily transfer other users' funds. Rabby urged its users to revoke approvals for the contracts across multiple chains but, as is always the case, people aren't taking note of these things, and that leaves their funds exposed.
The attack impacted assets on multiple chains, and the user was able to secure 114 ETH (~$146,000), which they then tumbled through Tornado Cash shortly after the exploit.
The user also copied the same strategy on Binance Smart Chain and was able to secure a further 179 BNB (~$48,500).
This is the damage we know of so far and the full extent of the attack is still being measured. The buggy contract that enabled the attack had been audited by blockchain security firm PeckShield, but the vulnerability had apparently gone undetected.
https://twitter.com/PeckShieldAlert/status/1579848310009233409
The Rabby team then took to Twitter to warn its users and also to let them know that they are working on a solution. In the meantime, users have been urged to revoke the contract approval for the swap service on ALL the chains they support, which is a bit of a dick punch for users, but hey this is DEFI right, be your own bank and shit, so eat the losses and eat shit.
https://twitter.com/Rabby_io/status/1579877793642737665
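The revoke step can be checked against a wallet's own approval history. The sketch below is an added example, not Rabby's code or anything from the original post: it replays ERC-20 `Approval` logs to find allowances still open to one spender and builds the `approve(spender, 0)` calldata that closes them. The addresses, chain labels and log entries are constructed placeholders, since the swap contract address is not given here.

```python
# Added example. All addresses and log entries below are constructed placeholders.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # keccak256("Approval(address,address,uint256)")
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def pad32(addr):
    """Left-pad a 20-byte address to a 32-byte ABI word (hex, no 0x)."""
    return addr.lower()[2:].rjust(64, "0")

def open_allowances(logs, owner, spender):
    """Return {(chain, token): amount} for approvals owner -> spender that are still non-zero.

    Event-derived values are an upper bound: tokens need not emit Approval when
    transferFrom spends an allowance, so confirm with allowance(owner, spender).
    """
    want = ["0x" + pad32(owner), "0x" + pad32(spender)]
    latest = {}
    for log in sorted(logs, key=lambda l: (l["chain"], l["block"], l["index"])):
        topics = [t.lower() for t in log["topics"]]
        # ERC-721 Approval shares topic0 but has four topics; skip it.
        if len(topics) != 3 or topics[0] != APPROVAL_TOPIC or topics[1:] != want:
            continue
        latest[(log["chain"], log["address"].lower())] = int(log["data"], 16)
    return {key: amount for key, amount in latest.items() if amount > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0); the transaction is sent to the token contract."""
    return "0x" + APPROVE_SELECTOR + pad32(spender) + "0" * 64

OWNER = "0x" + "11" * 20      # constructed wallet address
SWAP = "0x" + "aa" * 20       # placeholder for the swap contract (address not on the page)
OTHER = "0x" + "bb" * 20      # constructed unrelated spender
TOKEN_A, TOKEN_B = "0x" + "c1" * 20, "0x" + "c2" * 20  # constructed token contracts

def _log(chain, token, block, spender, amount, extra=()):
    topics = [APPROVAL_TOPIC, "0x" + pad32(OWNER), "0x" + pad32(spender), *extra]
    return {"chain": chain, "address": token, "block": block, "index": 0,
            "topics": topics, "data": hex(amount)}

SAMPLE_LOGS = [
    _log("eth", TOKEN_A, 200, SWAP, 0),             # later revoke wins
    _log("eth", TOKEN_A, 100, SWAP, 2**256 - 1),    # unlimited approval
    _log("bsc", TOKEN_B, 50, SWAP, 1000),           # still open on another chain
    _log("eth", TOKEN_B, 120, OTHER, 2**256 - 1),   # different spender, ignored
    _log("eth", TOKEN_A, 300, SWAP, 0, extra=["0x" + "0" * 64]),  # ERC-721 shape, ignored
]

if __name__ == "__main__":
    for (chain, token), amount in open_allowances(SAMPLE_LOGS, OWNER, SWAP).items():
        print(chain, token, amount, revoke_calldata(SWAP))
```

Each chain keeps its own allowance state, so a revoke on one chain leaves the same approval open on every other chain where it was granted.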
I checked out some of the responses and there were users who even had funds taken from them using hardware wallets that were connected as signing nodes. I don't know how that user set up their wallet and if they used it as a sign-on device or they shared the private key instead, because having to sign with your Ledger every time you shitcoin would be a ballache.
So I assume they shared their keys and got rekt in the process.
Anyway, this is yet another lesson in why shitcoin tech is simply not made to keep your funds safe. When you are trying to cater your product to serve as much trading as possible, you're not too worried about how secure it is, and people get their funds into positions where they are exposed.
A lot of people using these shitcoin products don't know what the fuck they are doing. They are lambs to the slaughter and there are wolves everywhere in this space. If you're not going to protect yourself and take the time to secure your keys properly but you want to play in this space, well then you get what you fucking deserve.
People should get rekt for their negligence and I will continue to laugh at them because it's funny; I am tired of people pretending it's not.
Have your say
What do you good people of HIVE think?
So have at it my Jessies! If you don't have something to comment, "I am a Jessie."
Let's connect
If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase
Posted Using LeoFinance Beta