CertiK: Vow suffered $1.2m exploit, token plunged 80%

Vow, a decentralized discount voucher issuer, recently suffered an exploit that put its native token on the cusp of a collapse. 

According to a CertiK report shared with crypto.news, Vow was exploited to $1.2 million immediately after the platform tested a rate setter function on Aug. 13. 

Per Vow’s X post, the testing took a total of 15 to 30 seconds from changing the rate setter to reverting it back to its normal setting. During the test, the report says, the amount of “vUSD received per VOW token was changed from 1 to 100.”

While the team was testing the new rate for a short span of time, a bot acquired 20 million Vow (VOW) tokens, worth $6.6 million at the time of the exploit, and then swapped the tokens for Ethereum (ETH) on Uniswap V2 for a total of 452 ETH, worth $1.23 million.

Vow added that the team is working on a fix and increased the token’s burn rate to 50%. This will help VOW’s circulating supply drop to its normal level.

The exploiter still holds the ETH received from Uniswap, according to Etherscan data. 

Unlike the majority of the hacks within the crypto ecosystem, the attacker didn’t deposit the funds into a newly-created wallet. On-chain data shows that the attacker address interacted with the popular cryptocurrency mixer, Tornado Cash, around four months ago on April 23.

At this point, the VOW token is down by 80% in the past 24 hours and is trading at $0.06 at the time of writing. The asset’s market cap is currently sitting at $41 million. 

The fear around the hack triggered a 1,400% increase in VOW’s daily trading volume, taking it to the $12 million mark.

According to a Crystal Intelligence report in June, the cryptocurrency ecosystem lost roughly $20 billion to hackers and scammers since 2011. In the second quarter of 2024 alone, the industry fell victim to 72 incidents and lost $572.7 million to malicious actors.