As per the recent development, RocketSwap has outlined an emergency plan to recover from an attack that swept $825K from the platform. The team took the situation to X and explained its plans of redeploying an entirely new farm contact and open-source it on-chain, surrendering all minting rights, and even talked about calling out to the hackers responsible for the return of the stolen funds. As per the information shared by the blockchain security firm, PeckShield, the exploiter stole almost 471 ETH and bridged the amount from Base to Ethereum.
The emergency programme agreed upon by the team is as follows.
1. We plan to redeploy a new farm contract by dropping the proxy contract and open sourcing it on-chain.
2. The new farm will advance the production reduction plan by 0.075 per block.
3. The team relinquishes…
— RocketSwap (@RocketSwap_Labs) August 15, 2023
Not too long after taking the step, the exploiter then proceeded to create almost 90 trillion LoveRCKT tokens and transferred all of them along with 400 ETH tokens to Uniswap. Furthermore, the RocketSwap team continued to explain that they would continue to roll out Launchpad as planned initially, along with further updates. The locked initial liquidity along with 80K tokens would be extended for up to one year. RocketSwap clarified that Telegram groups would be reopened for the common users as soon as the ongoing situation stabilizes.
Developments Following the Investigation Carried out by RocketSwap
The attack inevitably resulted in a negative effect on the trading price of the native token, RCKT. At the time of writing, the token has suffered a decline of a staggering 60.90% within the previous 24 hours. The major decline has pushed the trading price of the RCKT token down to approximately $0.6806, and the market cap of the token currently stands at the $788 million mark. Analysts have concluded that the event can be deemed as one of the worst exploits experienced this year so far.
RocketSwap confirmed the news of the exploit on X, and CertiK and PeckShield shared additional details surrounding the exploit not too long after. RocketShield explained that its team needed to use offline signatures when deploying the launchpad along with private keys on the server. As a result of the detection of the attack along with the proxy used for the farm contract, there were several high-risk permissions that set the stage for the transfer of the firm’s assets.
The firm has now shut down the farm in an effort to prevent additional potential damage. Currently, RocketSwap has announced that the loss of the farm assets is the only point of concern as the DEX has not been affected in any way possible.