The blockchain security company PeckShield has raised a flag over unusual activity on Shiba Inu’s Shibarium network.
The company found leaked validator keys on Shibaswap, and the loss incurred was estimated to be 2.8 million USD in token withdrawals by Shiba Inu. This adventure has cast doubts about the safety and regulation of the Shiba Inu ecosystem.
Validator Compromise and Malicious Transactions
The exploit is seemingly due to a breach of Shiba Inu’s validator network. Tikkala Security is a Web2 and Web3 auditor that confirmed that 10 out of 12 Shibarium validators had compromised signing keys. This enabled a hacker to circumvent security and accept evil deals. The attacker used these compromised keys to withdraw funds from the Shiba Inu system.
In one case, the hacker emptied more than $1 million in a significant transaction. The fraud started by adding a corrupted root of the Merkle, which approved the executed malicious transactions. According to Etherscan data, more than 700,000 ERC-20 tokens were removed as the attack took place.
Role of Flash Loans in the Exploit
They discovered that the attacker tried to exploit the system by another means, a flash loan. The attacker was able to take control of the majority of the voting power of the Shibarium validators by borrowing 4.6 million BONE tokens in Shibaswap. Through this power, the attacker could accept an evil root state, which resulted in the exploit. The flash loan was recovered by selling property after the attack, including 224.57 Ether and billions of Shiba Inu tokens.
The Shibaswap rootchain manager contract, which authenticates withdrawal requests, enabled the attacker to tamper with requisitions forever. It has exposed the Shiba Inu ecosystem to more attacks unless prompt corrective actions are undertaken.
Criticism and Governance Concerns
The attack has made the Shiba Inu network decentralization a subject to criticism. Others have noted that other protocols have solved similar validator dominance problems better. The Shiba Inu development team is criticized because it did not respond to the governance problems fast enough, which also enabled the attack to grow.
Even following the security breach, the price of the Shiba Inu token increased slightly. As of the time of the attack, SHIB was trading at $0.00001416, which represents a 5.25% increase in 24 hours. Analysts, however, warn that the token is at very high resistance at its 200-day exponential moving average, and this may dictate its immediate price movement.
