Maiar decentralized crypto exchange goes offline after bug discovery
The DEX has been taken offline due to the discovery of the bug, and the team has implemented an “emergency fix” and update.
The Maiar Exchange, a decentralized exchange (DEX) native to the Elrond blockchain, has been temporarily taken offline after an attacker utilized an exploit and made off with roughly $113 million worth of Elrond eGold (EGLD).
Minutes before 12:00 am UTC on Monday, the co-founder and CEO of Elrond, Beniamin Mincu, tweeted that he and his team were “investigating a set of suspicious activities” on the Maiar decentralized cryptocurrency exchange.
Soon after, the DEX was taken offline, with Mincu reporting that the issue had been identified and an “emergency fix” was being implementation.
In a Twitter thread posted almost 24 hours later at around 11:00 pm UTC on Monday, Mincu said a potentially critical bug was identified that opened “an exploit area that we simply had to address and mitigate immediately.”
The suspicious activities have been possibly identified and explained in a Twitter thread by pseudonymous on-chain analyst Foudres, who revealed that the potential attacker deployed a smart contract that somehow allowed them to withdraw over 1.65 million EGLD.
Three wallets were able to mysteriously withdraw 800,000, 400,000 and 450,000 EGLD, respectively, which at current prices is worth nearly $113 million in total.
The attackers were able to sell around 800,000 EGLD, worth around $54 million, which caused the price of EGLD on Maiar to plummet from $76 down to around $5. The rest of the crypto is either still held in various wallets, has been bridged to USD Coin (USDC) and Ether (ETH), or was sold on centralized exchanges.
The price of EGLD dropped 9.5% from around $74 down to a 24-hour low of $65.50 but has since slightly recovered, now trading near $68.
Mincu stated in his update that an upgrade was implemented to fix the bug and a technical explanation would be provided after clarification that the implemented solutions are tested and working.
19 comments