Create 2024-02-14-Miner.md (#381)

* Create 2024-02-14-Miner.md * Update 2024-02-14-Miner.md fix timeline * Update 2024-02-14-Miner.md * Update 2024-02-14-Miner.md * Update 2024-02-14-Miner.md * language cleanup --------- Co-authored-by: Evgeny Dmitriev <[email protected]>
1712n · Apr 8, 2024 · d256e11 · d256e11
1 parent 76a85cb
commit d256e11
Showing 1 changed file with 37 additions and 0 deletions.
diff --git a/content/attacks/posts/2024-02-14-Miner.md b/content/attacks/posts/2024-02-14-Miner.md
@@ -0,0 +1,37 @@
+---
+date: 2024-02-14
+target-entities: Miner ERC-X
+entity-types:
+  - NFT
+  - Token
+attack-types: Smart Contract Exploit
+title: "Miner ERC-X avatar collection Suffers $466,000 Loss"
+loss: 466000
+---
+
+## Summary
+
+On February 14, 2024, the Miner ERC-X avatar collection experienced a critical security breach on the Ethereum Mainnet, resulting in the unauthorized withdrawal of 168.8 ETH, equivalent to approximately $466,000. The root cause of this breach was a smart contract vulnerability stemming from insufficient input validation, specifically, a double-transfer flaw. This issue enabled an attacker to exploit the contract's transfer function, effectively duplicating their token balance by executing self-transfers, which were not properly restricted by the contract's logic.
+
+## Attackers
+
+The identity of the attacker is unknown. The following addresses are associated with this attack:
+
+- [0xea75aec151f968b8de3789ca201a2a3a7faeefba](https://etherscan.io/address/0xea75aec151f968b8de3789ca201a2a3a7faeefba)
+- [0xc181de2f3b0976c266fd5d5d58e101e365f34a70](https://etherscan.io/address/0xc181de2f3b0976c266fd5d5d58e101e365f34a70)
+
+## Losses
+
+The loss amounted to 168.8 ETH, worth $466,000 at the time of the attack.
+
+## Timeline
+
+- **February 14, 2024, 01:48 PM UTC:** [An attack transaction ](https://etherscan.io/tx/0x75e3aeb00df69882a1b15d424e5e642650326ca3b923d7fd1922d57c51bc2c78) occurred.
+- **February 14, 2024, 03:04 PM UTC:** Miner Team sent an [on-chain message](https://etherscan.io/tx/0x27a01149b321eaab0b16d488aefaffa04517a5cf73397b1bbcb8192a4db692ae) to the attacker to negotiate the return of the stolen.
+- **February 14, 2024, 02:29 PM UTC:** Miner Team [reported](https://twitter.com/minerercx/status/1757773942285054085) about exploit.
+- **February 14, 2024, 03:39 PM UTC:** The Miner token price [fell by 82%](https://www.binance.com/en/feed/post/2024-02-14-erc-x-project-miner-reports-contract-vulnerability-token-price-plummets-4113377689441).
+- **February 18, 2024, 04:22 PM UTC:** The team [announced a relaunching](https://twitter.com/minerercx/status/1759252047332073726).
+
+## Security Failure Causes
+
+- **Smart Contract Vulnerability:** The core issue stemmed from a double-transfer vulnerability within Miner's smart contract, specifically due to insufficient input validation mechanisms.