top of page

Illuvium Team Drains sILV Uniswap Pool in Bid to Prevent Exploit Cash-Out

The multibillion-dollar blockchain gaming project is taking drastic steps to protect staking rewards.

(Fábio Lucas/Unsplash)

After discovering a flaw in its staking platform, multibillion-dollar blockchain gaming giant Illuvium has drained all the funds from a Uniswap pool in an effort to prevent an attacker from cashing out.

The drastic move is a perhaps novel step taken by a project to mitigate the damage caused by the latest in a string of hacks, exploits and attacks that have long been rampant in decentralized finance (DeFi), and now appear to be bleeding into the “GameFi” movement.

In a tweet yesterday, the team initially said that while they had discovered a vulnerability, “no funds have been compromised” and that minting contracts had been temporarily paused. However, a record of transactions dating back to November shows a series of addresses with custom contracts consistently depositing a sum of ILV, Illuvium’s governance token, and then withdrawing a greater sum of escrowed ILV, or sILV, rewards than would have been normally allowed by the staking program, before rolling the proceeds to a new address.

Starting at 2 p.m. ET on Tuesday, the sILV/ETH Uniswap V3 pool was drained of all funds in a series of large transactions, temporarily pushing the trading price of sILV to 0.

In a message in the project’s official Discord server, co-founder Aaron Warwick wrote, “In order to stop a security flaw from being executed, we have had to take the step of rescuing the sILV pool.”

Warwick added on Discord that the team has “a backstop multisig that is able to mint in extreme circumstances.” The team used this multi-signature wallet, an address with specific in-protocol permissions that needs a majority of a group of signers to execute transactions, to mint tokens and sell them for ETH, rendering sILV worthless, as there is no ETH to swap the sILV for. It’s currently unclear how much sILV the attacker was able to cash out as ETH before the team managed to drain the pool entirely.

“We were aware that the hacker was ready to sell all their sILV, and the amount they had would have completely drained the pool,” said Warwick in an interview with CoinDesk. “We attempted to beat them to it, and they got some and we got some.”

The team is already referring to compensation plans, writing on Discord, “As soon as we can get a snapshot of the true owners of sILV we will reimburse everyone.” Warwick declined to comment further on those plans.

Warwick also advised that users should not buy into any liquidity that is added to the Uniswap pool. ILV is down .8% on the day to $1,004.33.

3 views0 comments

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision., or the author, may have holdings in the cryptocurrencies discussed.


Read To Earn

Get early access and you will earn VERSUS when reading on the platform.

bottom of page