Vee Finance Hack

On the 21th September, almost USD 34 million was stolen from the DeFi platform Vee Finance on the Avalanche blockchain.  

Tokens that were stolen included XAVA, QI and LINK.e were swapped to WETH.e, so that they could be put through cross-chain transactions to ETH and then later to BTC via bridges.

Coinfirm’s analysis found the exploiter passing funds on the BTC network through a number of wallets to obfuscate the flow of funds with the funds now dispersed across a number of wallets shown in the image below in green. The wallet in red is the exploiter’s wallet where the funds first went to through the Ren ETH-BTC bridge. However, most of the funds (USD ~25 million) remain in ETH on the hacker’s address, 0xEe33902b81eb4b4A6988EB4Ebbf7E9A72fd2E0B6, after being sent from 0xeeeE458C3a5eaAfcFd68681D405FB55Ef80595BA.

The best tool to follow stolen funds with real-time alerts of their movements is Coinfirm’s new tool, C-Live, for asset recovery, dispute services and risk and due diligence (graph click-through tools are not suitable to solve a crime where extensive mixing is used).

The attacker on ETH received the first funds from Tornado.cash, a crypto mixer, to their wallet initially, making it hard to identify if the hacker had been involved in other exploits.

An audit was performed by Certik in May 2021, but only on the Ethereum chain. Another audit that was conducted by SlowMist on the Avalanche chain a few weeks before the exploit did draw attention to the PangolinRouter as a critical slippage check issue, stating that “In the SwapHelper contract, users can swap tokens through the swapERC20ToETH function, swapETHToERC20 function, and swapERC20ToERC20 function. It will use the PangolinRouter to call the target DEX for swap, but the minimum number of received tokens passed in is 1, which will pose risks such as sandwich attacks. And when the order is executed, token swap will still be carried out, and malicious users can use the slippage issue caused by the order execution to carry out arbitrage attacks.” The suggested option given by SlowMist to Vee Finance was to fix the solution by “compare[ing] the number of tokens in the pool with the price of the off-chain oracle when creating an order to check slippage.”

Vee Finance stated in a recent blog post that “The main cause of the accident was that in the process of creating an order for leveraged trading, only the price of the Pangolin pool was used by the oracle as the source of price feed, and the pool price fluctuated more than 3%. The oracle refreshed the price, causing the attacker to manipulate the price of the Pangolin pool. Manipulating the price of the Vee Finance oracle machine and the acquisition of the oracle machine price were not processed for decimals, resulting in the expected slippage check before the swap did not work.”

The fact that the critical issue that was raised during the code audit seems to have been exploited is noteworthy (in addition, Pangolin was integrated with Vee Finance before the audit by Slowmist took place). Last week Coinfirm noted the importance of bug bounty programs and other options to help strengthen financial consumer protection.

After the exploit, Vee Finance’s team suggested to the attacker – via blockchain messages – that they could create a bug bounty program for the ‘test’: “Hi, Mr./Mrs. White Hat, This is Vee.Finance team again, the $35M worth assets are from our users, a lot of people suffered the loss. We’d like to give you a bounty for the security test, please contact us in any way you like, our email is contact@vee.finance. We can also exchange our public key for encrypted messaging.”

Check out the AML Risk Enhanced Report generated by Coinfirm’s AML Platform for the attacker’s address – 0xeeeE458C3a5eaAfcFd68681D405FB55Ef80595BA – below. The addresses associated with this exploit as well as the recent pNetwork and Bitcoin.org exploits from last week have been added to Coinfirm’s database of illicit crypto activity.