Vestra DAO Faces Cyber Attack Exploiting Staking Contract Flaw
According to ShibDaily, Vestra DAO, a decentralized autonomous organization, recently experienced a cyber attack due to a logical flaw in its token staking contract. On-chain analysts detected unusual movement of VSTR tokens; the stolen tokens were valued at approximately $500,000. The hacker used the Tornado mixer to obscure the origins of the stolen tokens. Although the attack was relatively small in scale, it raised significant concerns about security risks for other platform participants.
Blockchain researcher Chaofan Schou was the first to identify the exploit and advised users to revoke permissions on their wallets to prevent further exposure. Vestra DAO acknowledged the breach in a recent post on X, confirming that they had quickly identified the issue, implemented necessary precautions, and blacklisted the compromised contract to prevent further damage. The hack resulted in the theft of 73,720,000 VSTR tokens. The compromised smart contract contained 755 million VSTR tokens, representing 1.51% of the total token supply. Despite targeting a small portion of the overall token pool, the hack led to a significant market crash, causing a substantial loss in value for the project.
The hacker acted swiftly, transferring 0.51 ETH to Beaverbuild to prioritize their transactions on the blockchain. Over several hours, the attacker flooded the network with multiple spam transactions, each involving either 520,000 or 500,000 VSTR tokens. By exploiting a logical flaw in Vestra DAO’s staking contract, the hacker received 20,000 VSTR tokens with each transaction. The attacker had staked their tokens in the contract about a month earlier, using the time to analyze the vulnerability and devise their strategy. In a bid for rapid execution, the attacker spent $40,000 on Ethereum gas fees, temporarily becoming the largest gas spender on the blockchain.
Following the hack, the VSTR token’s price plummeted from $0.013 to $0.005 almost immediately. Although the token later saw a slight recovery, rising to $0.009, it remains highly volatile and lacks liquidity. Vestra DAO may have sufficient reserves to compensate affected users, but the incident has raised concerns about its security practices and damaged its reputation.