The new Arbitrum-based El Dorado Exchange (EDE) was exploited for around $580,000. In an interesting twist, the attacker claimed to be a whitehat who was exposing that the developers had “implemented a backdoor that allowed them to force liquidate any position they desired. This activity involved intentionally signing incorrect prices to manipulate users’ positions and steal their funds”.
The attacker promised to return all funds, minus a 10% “white hat fee”, if the developers “admit to manipulating the prices”, and also offered to disclose other vulnerabilities they claimed to have found in the project.
The project founders wrote in response: “Yes we acknowledge making an ill-advised decision to manipulate the price. However our intention was to blacklist those who had previously exploited the system, fully aware that all transactions are recorded on the blockchain. We did not aim to misappropriate users funds as this would leave a traceable record. We will promptly remove the problematic bomb contract.”
The exploiter began returning funds shortly afterwards.
