Miner ERC-X avatar collection Suffers $466,000 Loss

Summary

On February 14, 2024, the Miner ERC-X avatar collection experienced a critical security breach on the Ethereum Mainnet, resulting in the unauthorized withdrawal of 168.8 ETH, equivalent to approximately $466,000. The root cause of this breach was a smart contract vulnerability stemming from insufficient input validation, specifically, a double-transfer flaw. This issue enabled an attacker to exploit the contract’s transfer function, effectively duplicating their token balance by executing self-transfers, which were not properly restricted by the contract’s logic.

Attackers

The identity of the attacker is unknown. The following addresses are associated with this attack:

Losses

The loss amounted to 168.8 ETH, worth $466,000 at the time of the attack.

Timeline

Security Failure Causes

  • Smart Contract Vulnerability: The core issue stemmed from a double-transfer vulnerability within Miner’s smart contract, specifically due to insufficient input validation mechanisms.