PANews reported on October 20th that Sharwa.Finance disclosed an attack and subsequent suspension of operations, according to a BlockSec Phalcon alert. However, several suspicious transactions occurred hours later, likely exploiting the same underlying vulnerability through a slightly different attack path. Overall, the attacker first created a margin account, then used the provided collateral to borrow additional assets through leveraged lending, and finally launched a "sandwich attack" targeting swap operations involving the borrowed assets. The root cause appears to be a missing bankruptcy check in the swap() function of the MarginTrading contract, which is used to swap borrowed assets from one token (such as WBTC) to another (such as USDC). This function only verifies solvency based on the account's state at the time the swap begins, before executing the asset swap. This leaves room for manipulation. Attacker 1 (beginning with 0xd356) conducted multiple attacks, profiting approximately $61,000. Attacker 2 (beginning with 0xaa24) conducted a single attack, profiting approximately $85,000.PANews reported on October 20th that Sharwa.Finance disclosed an attack and subsequent suspension of operations, according to a BlockSec Phalcon alert. However, several suspicious transactions occurred hours later, likely exploiting the same underlying vulnerability through a slightly different attack path. Overall, the attacker first created a margin account, then used the provided collateral to borrow additional assets through leveraged lending, and finally launched a "sandwich attack" targeting swap operations involving the borrowed assets. The root cause appears to be a missing bankruptcy check in the swap() function of the MarginTrading contract, which is used to swap borrowed assets from one token (such as WBTC) to another (such as USDC). This function only verifies solvency based on the account's state at the time the swap begins, before executing the asset swap. This leaves room for manipulation. Attacker 1 (beginning with 0xd356) conducted multiple attacks, profiting approximately $61,000. Attacker 2 (beginning with 0xaa24) conducted a single attack, profiting approximately $85,000.
BlockSec: Sharwa.Finance suffered multiple attacks, resulting in losses exceeding $140,000
2025/10/20 18:41
PANews reported on October 20th that Sharwa.Finance disclosed an attack and subsequent suspension of operations, according to a BlockSec Phalcon alert. However, several suspicious transactions occurred hours later, likely exploiting the same underlying vulnerability through a slightly different attack path. Overall, the attacker first created a margin account, then used the provided collateral to borrow additional assets through leveraged lending, and finally launched a "sandwich attack" targeting swap operations involving the borrowed assets. The root cause appears to be a missing bankruptcy check in the swap() function of the MarginTrading contract, which is used to swap borrowed assets from one token (such as WBTC) to another (such as USDC). This function only verifies solvency based on the account's state at the time the swap begins, before executing the asset swap. This leaves room for manipulation. Attacker 1 (beginning with 0xd356) conducted multiple attacks, profiting approximately $61,000. Attacker 2 (beginning with 0xaa24) conducted a single attack, profiting approximately $85,000.
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Share Insights
You May Also Like
Wormhole launches reserve tying protocol revenue to token
The post Wormhole launches reserve tying protocol revenue to token appeared on BitcoinEthereumNews.com. Wormhole is changing how its W token works by creating a new reserve designed to hold value for the long term. Announced on Wednesday, the Wormhole Reserve will collect onchain and offchain revenues and other value generated across the protocol and its applications (including Portal) and accumulate them into W, locking the tokens within the reserve. The reserve is part of a broader update called W 2.0. Other changes include a 4% targeted base yield for tokenholders who stake and take part in governance. While staking rewards will vary, Wormhole said active users of ecosystem apps can earn boosted yields through features like Portal Earn. The team stressed that no new tokens are being minted; rewards come from existing supply and protocol revenues, keeping the cap fixed at 10 billion. Wormhole is also overhauling its token release schedule. Instead of releasing large amounts of W at once under the old “cliff” model, the network will shift to steady, bi-weekly unlocks starting October 3, 2025. The aim is to avoid sharp periods of selling pressure and create a more predictable environment for investors. Lockups for some groups, including validators and investors, will extend an additional six months, until October 2028. Core contributor tokens remain under longer contractual time locks. Wormhole launched in 2020 as a cross-chain bridge and now connects more than 40 blockchains. The W token powers governance and staking, with a capped supply of 10 billion. By redirecting fees and revenues into the new reserve, Wormhole is betting that its token can maintain value as demand for moving assets and data between chains grows. This is a developing story. This article was generated with the assistance of AI and reviewed by editor Jeffrey Albus before publication. Get the news in your inbox. Explore Blockworks newsletters: Source: https://blockworks.co/news/wormhole-launches-reserve
Share
2025/09/18 01:55
CME Group plans to roll out XRP and Solana futures options in October
CME Group will roll out options for XRP and Solana (SOL) futures on October 13, with expiries available daily, monthly and quarterly, adding an extra layer of exposure for investors.
Share
2025/09/18 09:17
Hong Kong Backs Commercial Bank Tokenized Deposits in 2025
The post Hong Kong Backs Commercial Bank Tokenized Deposits in 2025 appeared on BitcoinEthereumNews.com. HKMA to support tokenized deposits and regular issuance of digital bonds. SFC drafting licensing framework for trading, custody, and stablecoin issuers. New rules will cover stablecoin issuers, digital asset trading, and custody services. Hong Kong is stepping up its digital finance ambitions with a policy blueprint that places tokenization at the core of banking innovation. In the 2025 Policy Address, Chief Executive John Lee outlined measures that will see the Hong Kong Monetary Authority (HKMA) encourage commercial banks to roll out tokenized deposits and expand the city’s live tokenized-asset transactions. Hong Kong’s Project Ensemble to Drive Tokenized Deposits Lee confirmed that the HKMA will “continue to take forward Project Ensemble, including encouraging commercial banks to introduce tokenised deposits, and promoting live transactions of tokenised assets, such as the settlement of tokenised money market funds with tokenised deposits.” The initiative aims to embed tokenized deposits, bank liabilities represented as blockchain-based tokens, into mainstream financial operations. These deposits could facilitate the settlement of money-market funds and other financial instruments more quickly and efficiently. To ensure a controlled rollout, the HKMA will utilize its regulatory sandbox to enable banks to test tokenized products while enhancing risk management. Tokenized Bonds to Become a Regular Feature Beyond deposits, the government intends to make tokenized bond issuance a permanent element of Hong Kong’s financial markets. After successful pilots, including green bonds, the HKMA will help regularize the issuance process to build deep and liquid markets for digital bonds accessible to both local and international investors. Related: Beijing Blocks State-Owned Firms From Stablecoin Businesses in Hong Kong Hong Kong’s Global Financial Role The policy address also set out a comprehensive regulatory framework for digital assets. Hong Kong is implementing a regime for stablecoin issuers and drafting licensing rules for digital asset trading and custody services. The Securities…
Share
2025/09/18 07:10