TheStandard.io

Quick Summary

TheStandard.io exploited through price manipulation on Arbitrum, resulting in a temporary loss of 264,000 USD worth of USDC.e and
EURO.




Details of the Exploit

TheStandard.io, a project running on multiple chains including Arbitrum, fell victim to a sophisticated price manipulation attack
on November 7, 2023. The attacker leveraged the low liquidity of Paxos on Uniswap on the Arbitrum network, manipulating the price
of Paxos Global gold to cents. By controlling the majority of liquidity in the PAX Gold (PAXG) pool, the attacker deposited 10
Wrapped Bitcoin (WBTC) as collateral in a smart vault and borrowed the maximum amount of EUROs without getting liquidated. The
manipulated low price of PAXG caused the vault to register as undercollateralized, allowing the attacker to access the borrowed
EUROs. They used these funds to drain liquidity from the EURO/USDC.e pool on CamelotDEX, further profiting from the attack. Most
of the drained funds were made up of protocol-controlled values. However, the attacker returned the stolen funds on November 9,
2023.