A hacker was able to make a cool $1.45 million by swapping stolen Tether (USDT) for Ethereum (ETH) tokens on Orbit Chain. The hacker’s profit was only possible due to some smart engineering and an unfortunately misconfigured ERC20 token contract.
The hacker made their move on June 25th, when they sent some 10,000,000 USDT to Orbit Chain’s USDT-E20 contract. The token contract was misconfigured to allow anyone holding 1 EVT (Ether View Token) to become an “owner”.
The hacker used this flaw to add themselves as an “owner” and then transferred the 10M USDT to Orbit Chain’s ETH-E20 contract. This allowed them to mint 10,000 ETH (10M USDT is worth around 9,850 ETH). The hacker then transferred the ETH to Uniswap and sold it for USDT, netting them $1.45 million in profit.
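The access-control mistake described above, shown beside a corrected form, as an added example that is not Orbit Chain's code. It is a hypothetical Solidity model: `MintableBase`, `gateToken` (standing in for EVT), `addOwner` and `OwnerAdded` are assumed names, and `>= 1` counts the token's smallest unit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical, simplified model: no name here comes from Orbit Chain's code.
interface IERC20Balance {
    function balanceOf(address account) external view returns (uint256);
}

abstract contract MintableBase {
    mapping(address => bool) public isOwner;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    event OwnerAdded(address indexed newOwner, address indexed addedBy);

    constructor() {
        isOwner[msg.sender] = true; // deployer is the first owner
    }

    modifier onlyOwner() {
        require(isOwner[msg.sender], "not an owner");
        _;
    }

    // Minting is owner-only in both variants, so the owner list is the trust boundary.
    function mint(address to, uint256 amount) external onlyOwner {
        balanceOf[to] += amount;
        totalSupply += amount;
    }
}

// Misconfigured: holding a transferable token is treated as authorization.
contract MisconfiguredToken is MintableBase {
    IERC20Balance public immutable gateToken; // stands in for "EVT" (assumed)

    constructor(IERC20Balance gateToken_) {
        gateToken = gateToken_;
    }

    // No onlyOwner here: any holder of the gate token can grow the owner list.
    function addOwner(address newOwner) external {
        require(gateToken.balanceOf(msg.sender) >= 1, "need gate token");
        isOwner[newOwner] = true;
        emit OwnerAdded(newOwner, msg.sender);
    }
}

// Corrected: only an existing owner may extend the owner list.
contract HardenedToken is MintableBase {
    function addOwner(address newOwner) external onlyOwner {
        isOwner[newOwner] = true;
        emit OwnerAdded(newOwner, msg.sender);
    }
}
```

Because `mint` trusts the owner list in both contracts, the only difference that matters is who may call `addOwner`. The `OwnerAdded` event gives on-chain monitoring a signal to alert on whenever the owner set changes.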
Fortunately, Orbit Chain was able to track the hacker down using its on-chain analysis tools and has now taken action to freeze the culprit’s funds. The developer of the contract has also taken measures to prevent future exploits of this type.
The incident serves as a reminder of the importance of vigilantly monitoring smart contracts and ensuring they are configured correctly, and of the potential for criminals to take advantage of poorly secured blockchain systems.