Need help determining how my Smart Contract was hacked and balance drained

5 points

briandilley

8 years ago

My Smart Contract: https://etherscan.io/address/0x5cee173ee3a9568a4d66d882d78fdf5724251e82

Here's what i've been able to gather so far:

--------------------------------------------------

Hacker's wallet

https://etherscan.io/address/0xf4c6bb681800ffb96bc046f56af9f06ab5774156

- Jul-11-2018 03:04:12

https://etherscan.io/address/0x740786a45e8f8d0f8e38dad03f0074ccbc138e93

Created this exploit contract

- Jul-11-2018 03:04:56

https://etherscan.io/tx/0x1486b26af65bd8c4c0054a177c6a4b73ea1fedca1928cfe511153abe091caf1f

Then called the method Bet() on the explout contract which transfered 0.5 ETH to my contract:

- Jul-15-2018 08:56:38

https://etherscan.io/tx/0xeae5c502b046693f46e66fa7f53ac8840d2028a22c3b2b4b7469b16a9b4ffa27

Then the wallet initiated a transaction of 0 eth to the exploit contract resulting in this transaction that caused my contract to make a number of internal transactions to Oraclize

- Jul-15-2018 08:57:23

https://etherscan.io/tx/0xef0641ff010e7d925bd3f9bed2f299465d06a3aed1e3be78f2e6e1cd29e56121

Another of the previous transactions

- Jul-15-2018 09:02:52

https://etherscan.io/tx/0xbdb6add293d5405e6e7311197d7d96fb744f5fad8ec41eb2bdd6c0422414173a

Then the wallet called the method getETH() on the exploit contract which transfered 0.794100662427911166 from my contract to the hacker's wallet

So far it seems they're exploiting something in Oraclize? I'm not really sure.

--------------------------------------------------

reddit url:

https://www.reddit.com/r/solidity/comments/93qrhw/my_smart_contract_was_hacked_and_its_balance_was/

1 comment