Shido token dives over 90% after Ethereum staking contract exploit
A security breach on the layer-1 blockchain Shido has led to a dramatic drop in its token value, plunging by over 90% within a mere half-hour period.
The incident occurred after an exploit was detected, with blockchain security firm PeckShield first reporting the anomaly on Feb. 29 through a social media post on X.
Further analysis by PeckShield revealed that the exploit involved the unauthorized transfer of the blockchain’s Ethereum staking contract to a different address. The new owner subsequently modified the contract with a concealed function that facilitated the withdrawal of staked tokens.
According to PeckShield’s findings, the exploiter succeeded in extracting more than 4.3 billion Shido tokens, which accounts for nearly half of the token’s circulating supply of almost 9 billion, as reported by cryptocurrency data aggregator CoinMarketCap. Prior to the exploit, the market value of these tokens was estimated at around $35 million.
On-chain researcher ZachXBT, in a post on X, disclosed the identification of the exploiter’s address. This address had received funding via the cross-chain protocol Layerswap before receiving additional funds from the Arbitrum blockchain.
ZachXBT’s investigation also suggested the discovery of the real identity behind the wallet that funded the exploiter. However, it appears that the funding wallet itself had been compromised, as indicated by an unexpected transfer of its assets prior to funding the exploiter.
Shido, which operates on a proof-of-stake consensus mechanism, has yet to inaugurate its mainnet, with an announcement on Feb. 24 hinting at a launch scheduled for the following week.
The SHIDO token, based on the Ethereum ERC-20 standard, offers staking opportunities on its associated decentralized exchange (DEX) with a promised annual yield of 8%.
The breach on Shido is part of a broader trend of crypto-related security incidents. Over the previous year, the cryptocurrency sector experienced more than 600 hacks, resulting in losses exceeding $2.1 billion. This figure marked a nearly 30% decrease from the losses recorded in 2022. Despite this decline, the current year has already witnessed 30 attacks in January alone, with losses amounting to $182.5 million.
Meanwhile, February is shaping up to be a significant month for security breaches in the crypto space, highlighted by a $290 million theft from PlayDapp, along with several million dollars lost to wallet breaches and phishing scams.