Axion Network Incident Report

Published on: Nov 05, 2020


The Beginning:

On November 2, 2020, Axion Network, a decentralized financial currency network, launched its currency AXN on mainnet, claiming that it would be the most profitable blockchain of its kind to date. Axion had a total of five audits, three technical and two economic. The Axion Foundation and the audit firms confirmed the security of the code.

The Axion Foundation hired a company named RocknBlock, which was responsible for building and deploying Axion's new currency. Rock'n'Block gave the deployment permission to one of its subcontractors. The subcontractor, named Ilya Maximovich Solovyanov, injected malicious code into the audited code right before deployment.

The Exploit:

A few hours after deployment, according to Axion Network, that same subcontractor used the exploit to mint 79 billion tokens, draining the Axion Uniswap liquidity pool.
The attacker netted 1300 ETH, worth an estimated $520,390 at the time of writing this publication.


“We have concluded that the attack was likely planned from the inside, involving an injection of malicious code at the time the code was deployed by altering code from OpenZeppelin dependencies.” - CertiK

“One of the engineers consciously substituted the code (which was tested and audited) for his own code containing the vulnerability.” - RocknBlock

Possible Solution:

To prevent similar attacks in the future, one possible solution would be for Etherscan to offer an option to compare the bytecode of the contracts that went through an audit with the bytecode of the smart contracts that were actually deployed. Comparing the two ensures that the audited contract code and the deployed code are the same.
