Lendhub Hacked for $6 Million

Summary

A hacker exploited a vulnerability in the LendHub protocol to steal approximately $6 million in digital assets. The vulnerability was caused by the existence of two IBSV tokens on the platform, one of which had been deprecated but not removed. The attacker was able to mint and redeem tokens in the old market while borrowing against them in the new market, ultimately making off with the majority of the assets on the platform.

Attackers

The attackers behind the Lendhub hack remain unidentified.

Losses

Lendhub lost approximately $6 million.

Timeline

Security Failure Causes

  • Dev Team Negligence: The main reason was overlooked deprecated token from the market. This made it possible to mint and redeem tokens on the old market, while simultaneously borrowing money against them on the new market