Pando Rings

Pando Rings Hack - November 5-6, 2022

Overview

Pando Rings suffered from a hack on November 5th, 2022. The DeFi protocol Pando suffered a $20 million loss when it was exploited with an oracle manipulation attack.

Attack Details

The attacker exploited a vulnerability in Pando Rings price oracle and manipulated the price of sBTC-WBTC (liquidity provider token of the trading pair BTC-WBTC on 4swap) to attempt a theft of approximately $70 million worth of crypto assets.

$21,877,098.03 worth of crypto assets including ETH, EOS and BTC were transferred out from the attacker's two perpetrating Mixin wallets before measures could be taken.

Fund Recovery

The transferred 2,022,662.9979 EOS (valuing at approximately $2,362,761.24) was frozen. For the larger rest of the hacked funds (approximately $50 million) that were still in the hacker's wallets, measures were taken with assistance from Mixin Network and the funds were frozen.

Impact

The TVL of Pando Rings took a hit of ~44% and got reduced to $49.72 million on Nov 6, 2022 from $88.57 million on Nov 5, 2022.

Sources

• Alert to Pando Community - Pando Official

• Pando Rings Hack Detailed Analysis - ImmuneBytes

• Pando exploited for $20 million - Web3IsGoingGreat

• Pando - DefiLlama