The hacker said on Twitter that he discovered the backdoor and managed to withdraw about $580,000 worth of assets from El Dorado Exchange (EDE) to Arbitrum with minimal investment in the ELP-1 liquidity pool.
According to Res, EDE developers implemented a backdoor that allowed them to liquidate any position at will, as well as specify unreliable prices of crypto-assets in order to manipulate positions and steal users’ funds.
New message says:
“ede admins created a bot to force liqudate any position of their choice whenever they like. ask the admins about it, see if they lie to you. “https://t.co/chZG714BZ7https://t.co/89EdZ39ejK
– Res (@resdegen) May 29, 2023
Res said that if the developers acknowledge price manipulation, he would give the assets back, less a 10% commission.
According to the media, EDE officials have not yet given any response.
However, citing anonymous sources, it is reported that the team of the exchange admitted the possibility of price manipulation, but with the good purpose – to blacklist potential hackers and protect users’ assets.
Earlier, white hackers helped DeFi Deus Finance (DEI) discover a vulnerability in DEI’s Stablecoin smart contracts and took out $1.3 million on the BSC network and over $5 million on the Arbitrum network.