The WLEO contract was hacked late yesterday, resulting in $42,000 worth of stolen funds. The hacker stole Ethereum (ETH) from decentralized exchange Uniswap’s pool by minting WLEO to himself, and swapping it for Ethereum.
This is not the first time Uniswap has been hit by hackers. In April of this year, hackers reportedly stole between $300,000 and $1.1 million from the exchange. The hackers accidentally leaked their IP addresses during that attack, and so had to return the funds. But that hasn’t stopped them—or other ones—from targeting Uniswap yet again.
“From what I keep hearing, this has happened to many other pools on Uniswap. The token issuing contract/address gets exposed and then someone takes advantage of it to mint infinite tokens and rug pull the Uniswap pool to steal the Ethereum,” said Khaleel Kazi, founder of the LEO Finance community, in a report about the hack.
As the hack was taking place, WLEO users were quick to notice false transactions taking place, and responded by swiftly removing liquidity from the pool, limiting the returns the hacker has been able to enjoy.
Since then, the hacker, whose address is known, has reportedly transferred the Ethereum to Binance using anonymous accounts, making it almost impossible to trace the stolen funds.
“Binance has been contacted but there may be nothing they can do since the hacker seems to have used non-kyc’d accounts to receive the ETH,” added Kazi.
It remains unclear how the hacker managed to pull off the theft. According to Kazi, the flaw exploited doesn’t appear to be from the WLEO oracle, which allows the blockchain to interact with real world or off-chain data.
“This narrows it down to just a few possibilities for how they exposed the wLEO contract. We’ll release more details as we continue to investigate and narrow it down further,” said Kazi.
One person even suggested they would pay their rent with WLEO. At its current price of $0.0001, that’s looking unlikely.