Meitar Yavneh
Data and Threat Analyst
Date/Time
10.1.2023
14:03:48
All Posts

Jaypeggers Exploit

On December 29, 2022, Jaypeggers, a tax-loss harvesting app for NFTs, suffered a reentrancy attack that resulted in the theft of 15.32 ETH, worth approximately $18,000. The stolen funds were cashed out through Tornado Cash and Aztec. The Hypernative system was able to detect the attack and notify the Jaypeggers team in real-time, providing assistance in the investigation.

TL;DR

On December 29, 2022, Jaypeggers, a tax-loss harvesting app for NFTs, suffered a reentrancy attack that resulted in the theft of 15.32 ETH, worth approximately $18,000. The stolen funds were cashed out through Tornado Cash and Aztec. The Hypernative system was able to detect the attack and notify the Jaypeggers team in real-time, providing assistance in the investigation.

Tweet by @jaypeggerz - Dec 29, 2022
Tweet by @hypernativeLabs - Dec 29, 2022

Attack Analysis

First, the attacker’s address received anonymous funds through Tornado Cash, avoiding KYC’d funds sources. The Hypernative platform detected this transaction and alerted the address receiving funds from a mixer.

Next, the attacker prepared its tools for the attack and deployed its contract. The use of a contract enables the execution of more complex logic, such as multiple actions, through a single transaction, which is difficult to perform from an address that is not a contract (EOA).

About 3 minutes later, the attack was executed through the contract as follows:

  1. The attacker began the attack transaction with a flash loan, borrowing 72.5 WETH.
  2. The attacker then bought 13,584 JAY with 22 WETH.
  3. The remaining borrowed WETH (50.5 WETH) was used to call the buyJay function , which, due to a lack of validation, allowed the attacker to insert their own malicious contract as if it were an ERC-721 token.
    The buyJay function then called the transferFrom function of the provided token, which was actually the attacker's malicious contract. This enabled the attacker to reenter the contract by calling the sell function of the JAY contract, allowing them to sell JAY tokens using a miscalculated price, and thus profit.
  4. At last, the attacker returned the flash loan and ended up with a profit of 15.32 WETH.

The stolen funds were cashed-out through Tornado Cash and Aztec.

The Hypernative system detected the deployment of a malicious contract and the exploit in real-time. Our team immediately contacted the protocol and worked with them to help them prevent further loss.

The Hypernative platform continuously monitors all blockchain activity, as well as other sources, providing operational and security monitoring capabilities to protocol teams, with out-of-the-box detections to proactively warn against hacks and exploits even before they are launched, allowing timely response and mitigation. The detected risks cover multiple aspects of protocol activities, including Governance, Financial, Security, Technical and other risks.

For more information about the Hypernative platform, please contact us at info@hypernative.io

Related Content
General
Why Web3 Security Needs to Move Beyond Audits
Hypernative's co-founder Gal Sagie joins Chainalysis CMO Ian Andrews on the Public Key podcast
Partnerships
Fyde Switches On Real-Time Protection With Hypernative Platform
Fyde is enhancing its security by monitoring operations, crafting pre-incident strategies and ensuring rapid response with Hypernative's critical alerts and automated actions
Partnerships
Kinto Partners With Hypernative to Upgrade Protocol Security
Hypernative's real-time monitoring and response solution secures Kinto's blockchain, bridges, oracles and more
Logo Hypernative

New Way to Secure and Monitor Web3

Detect attacks in-progress and prevent losses in real time, protect against security (hacks/exploits), governance and financial risks with actionable insights

Free Trial
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
© Hypernative 2024
Privacy Policy