The hacker was able to exploit a bug in the protocol’s smart contract and minted 40 quintillion tokens. The hacker then liquidated around $4 million using 1inch exchange to access all DEXs.
After shitting their pants from realizing what happened, Cover tweeted out:
The team is still investigating the current incident. The exploit is no longer possible.— Cover Protocol (@CoverProtocol) December 28, 2020
The exploit is no longer possible. Please do NOT buy $COVER tokens, and remove your liquidity from the COVER/ETH pool on sushiswap.
CLAIM/NOCLAIM balancer pools are unaffected
Once Cover cleaned up the mess they made in their pants, they began cleaning up the mess the hacker made with their token and announced on their Discord, “The Blacksmith farming contract has been exploited to mint infinite $COVER tokens. We have restricted minting access to the farming contract in order to stop the attacker. If you are providing liquidity for $COVER token (uniswap or sushiswap) please remove it immediately.” That’d be nice if there was any liquidity left to remove.
The exploit resulted in COVER’s value to plummet 99%.
Hours after the exploit was reported, Grap Finance took responsibility for the exploitation, and left a note for all to see on a tweet and in the input data of the ETH transaction,
“Next time, take care of your own shit.”
Grap Finance returned all the liquidated funds after realizing the opportunity he was presented with.
Hackerman comes forward
The question is, was Grap Finance acting as a Chad or using this exploitation to pump its bags? The GRAP token spiked by about 5,000% reaching around $0.72, right after Grap Finance claimed responsibility for the exploit.
New Year, New Cover, Introducing Cover 2.0
Cover Protocol came out with a compensation plan for token holders affected by the exploit. Cover said, “The snapshot will be taken at block 11541218, one block before the first major exploited mint.”
According to the compensation plan, token holders will receive a new COVER coin on a one-to-one ratio and liquidity providers on CEX’s will also receive new COVER tokens. This compensation rekts all the traders that bought tokens after the exploitation happened making their coins as worthless as $RIFT/$DARKM… “Adios Monies”
Binance also announced a compensation plan for Binance users that were affected by the exploit. Except this compensation plan is mainly for people who traded COVER after the snapshot, and Binance has allocated $10 million to this compensation.
Hello everyone, we are exploring providing a NEW $COVER token through a snapshot before the minting exploit was abused. The 4350 ETH that has been returned by the attacker will also be handled through a snapshot to the LP token holders.We are still investigating. Do NOT buy COVER— Cover Protocol (@CoverProtocol) December 28, 2020
If we learned anything from 2020, what is the point of insurance coins if they just get hacked?