Earlier today a vulnerability in the DeFi Saver Exchange was disclosed to our team.
All funds (~$30k) affected by the vulnerability are safe and will be returned to their owners. We performed a white hat attack to move affected funds to a smart contract from where the funds can only be withdrawn by their original owner addresses.
These two smart contracts were deployed and used to (1) move funds and (2) keep them for their owners until withdrawal:https://etherscan.io/address/0x9523fe0d1d488cafddfb3dce28d7d177dddbc300 https://etherscan.io/address/0xe05b162cd6571e825484ae95a93bfac02e64b05a
During the process a number of our transactions were front-run by arbitrage bots that detected these incoming transactions, but all of the funds collected by these bots have since also been returned.
No other part of DeFi Saver was affected by this vulnerability. Our Automation system, as well as MakerDAO, Compound and Smart Savings dashboards are not affected by this vulnerability in any way.Securing your account
If you ever used the DeFi Saver Exchange to swap tokens, please go to http://app.defisaver.com/safeguard/ and remove approvals for all listed tokens and contracts.
Removing approvals will secure your account from being affected by this vulnerability.Retrieving funds
If your funds have been moved from your wallet, please take these steps to recover them:Go to: http://app.defisaver.com/safeguard/ Remove approvals for all listed tokens and contracts Click the Withdraw button to withdraw any moved funds
Once these approvals have been removed, your account can no longer be affected by this vulnerability in any way.
If funds were moved from your wallet, but you are not able to withdraw them through the interface, please contact us in our Discord or via Twitter DMs.
We will share more details about the vulnerability as well as steps...