Cybersecurity experts from Blockaid have reported that Ambient Finance has potentially fallen victim to a serious hacking incident.
Ambient Finance, a decentralized cryptocurrency exchange that recently rebranded from CrocSwap and is backed by notable investors, has suffered a front-end attack, allowing hackers to implant malicious code, according to Blockaid’s revelation on October 17.
In an urgent advisory, Blockaid warned users connected to Ambient Finance to halt all transaction activities and interactions with the decentralized application (dApp) until the situation is resolved. The security firm is expected to provide further updates soon.
In a subsequent confirmation, the Ambient Finance team acknowledged the hacking incident on their Discord channel and stated that they are actively investigating the matter. The full scope of the attack is still unclear, and it remains uncertain whether any users have lost funds. Users are being urged to avoid any interactions with the platform to mitigate the risk of unauthorized access to their assets.
Blockaid has indicated that the attackers are employing the Inferno Drainer toolkit and have established a command-and-control server specifically tailored for this operation.
This incident occurs shortly after Radiant Capital, another decentralized finance project, reported significant losses exceeding $50 million due to an attack by unidentified perpetrators. A web3 security startup suggested that this breach may have stemmed from a backdoor contract deployed on the BNB Chain network.
Ambient Finance, established in 2021, successfully secured over $6 million in seed funding in 2023, reaching a valuation of $80 million. The funding round was spearheaded by highly regarded investors and included contributions from various venture partners.
