On November 2nd, 2020, Axion Network, a decentralized financial currency network, launched its currency AXN on mainnet, claiming that it would be the most profitable blockchain of its kind to date. Axion had a total of five audits, three technical and two economical. The Axion Foundation and the audit firms confirmed the code security.
A company named RocknBlock was hired by The Axion Foundation and was responsible for building and deploying Axion’s new currency. Rock'n'Block gave deployment permission to one of its subcontractors. The subcontractor, named Ilya Maximovich Solovyanov, injected malicious code into the audited code right before deployment.
A few hours after deployment, according to Axion Network, that very subcontractor used the exploit to mint 79 billion tokens, thus draining the Axion Uniswap liquidity pool.
The attacker netted 1300 ETH, worth an estimated $520,390 at the time of writing this publication.
“We have concluded that the attack was likely planned from the inside, involving an injection of malicious code at the time the code was deployed by altering code from OpenZeppelin dependencies.” - CertiK
“One of the engineers consciously substituted the code (which was tested and audited) for his own code containing the vulnerability.” - RocknBlock
To prevent similar attacks in the future, a possible solution would be for Etherscan to offer an option to compare the bytecode of contracts that went through an audit with the bytecode of the smart contracts that have already been deployed. By comparing the two bytecodes, it can be ensured that the audited contract code and the deployed code are the same.
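The comparison proposed above can be sketched as follows (an added example, not code from Axion, Etherscan or the audit firms). It assumes the contracts were compiled with solc, which appends a CBOR metadata blob and a 2-byte length to the runtime bytecode, and that the audited build's runtime bytecode and the deployed bytecode (for example from the `eth_getCode` JSON-RPC call) are available as hex strings; all byte strings below are constructed samples.

```python
import hashlib

def split_metadata(runtime: bytes):
    """Split solc runtime bytecode into (code, cbor_metadata).
    The last 2 bytes give the big-endian length of the CBOR blob before them.
    If the trailer does not look like a CBOR map, treat everything as code."""
    if len(runtime) < 2:
        return runtime, b""
    n = int.from_bytes(runtime[-2:], "big")
    if n == 0 or n + 2 > len(runtime):
        return runtime, b""
    meta = runtime[-2 - n:-2]
    if meta[0] >> 5 != 5:          # CBOR major type 5 = map (0xa0..0xbf)
        return runtime, b""
    return runtime[:-2 - n], meta

def _unhex(h: str) -> bytes:
    return bytes.fromhex(h[2:] if h.startswith("0x") else h)

def compare_bytecode(audited_hex: str, deployed_hex: str) -> dict:
    """Compare executable code and metadata separately, so a metadata-only
    difference is not confused with a change in contract logic."""
    a_code, a_meta = split_metadata(_unhex(audited_hex))
    d_code, d_meta = split_metadata(_unhex(deployed_hex))
    diff = next((i for i, (x, y) in enumerate(zip(a_code, d_code)) if x != y), None)
    if diff is None and len(a_code) != len(d_code):
        diff = min(len(a_code), len(d_code))   # one side is a prefix of the other
    return {
        "code_match": a_code == d_code,
        "metadata_match": a_meta == d_meta,
        "first_diff_offset": diff,
        "audited_code_sha256": hashlib.sha256(a_code).hexdigest(),
        "deployed_code_sha256": hashlib.sha256(d_code).hexdigest(),
    }

def _meta(tag: int) -> bytes:
    # Constructed metadata trailer: {"ipfs": <34 bytes>, "solc": <3 bytes>} + length
    body = b"\xa2\x64ipfs\x58\x22" + bytes([tag]) * 34 + b"\x64solc\x43\x00\x06\x08"
    return body + len(body).to_bytes(2, "big")

# Constructed samples, not real contract bytecode.
CODE = bytes.fromhex("608060405260043610601c5760003560e01c")
AUDITED = (CODE + _meta(0x11)).hex()
REBUILT = "0x" + (CODE + _meta(0x22)).hex()                    # same logic, new metadata
TAMPERED = (CODE[:10] + b"\x5b" + CODE[11:] + _meta(0x11)).hex()  # one opcode changed

if __name__ == "__main__":
    for name, sample in (("rebuilt", REBUILT), ("tampered", TAMPERED)):
        print(name, compare_bytecode(AUDITED, sample))
```

A metadata-only mismatch means the executable code is identical while the source or compiler settings hashed into the metadata differ; a `code_match` of `False` means the deployed logic is not what was audited.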
Xord is a Blockchain development company providing Blockchain solutions to your business processes. Connect with us for your projects and free Blockchain consultation at https://xord.solutions/contact/