HaloDAO

Quick Summary

Xave Finance was exploited and the hacker was able to mint over 99% of the $RNBW token's original supply. The accident dropped the
token price by more than 99%.




Details of the Exploit

Xave Finance also known as HaloDAO is a platform that aims to provide DeFi operations to traditional financial institutes. $RNBW
is an ERC20 token of the project, that is listed on Coinbase. The hacker deployed a smart contract to exploit the DaoModule
contract and executed the proposal to take ownership of the contract. Consequently, the attacker minted 100,000,000,000,000 $RNBW
tokens to his address and swapped them for 89,000,000,000,000 $xRNBW tokens. All the stolen amounts sit at the hacker's address at
the moment, and their value is unknown.




Block Data Reference

Attacker address:

https://etherscan.io/address/0x0f44f3489d17e42ab13a6beb76e57813081fc1e2




Malicious contract:

https://etherscan.io/address/0xe167cdaac8718b90c03cf2cb75dc976e24ee86d3




Malicious transaction:

https://etherscan.io/tx/0xc18ec2eb7d41638d9982281e766945d0428aaeda6211b4ccb6626ea7cff31f4a