Poolz Finance Exploited for Nearly $400,000, Smart Contract Reinitialized

The launchpad project Poolz Finance (POOLZ) was exploited on BNB Chain and Polygon, resulting in a loss of nearly $400,000 and necessitating the reinitialization of its smart contract.

Poolz Finance Exploited for Nearly $400,000, Smart Contract Reinitialized

On March 15, an attack targeting Poolz Finance's launchpad on BNB Chain and Polygon resulted in the loss of $390,000 across various cryptocurrencies.

The incident was first reported by on-chain investigator PeckShield. Following their investigation, PeckShield determined that the exploit was due to an "arithmetic overflow" in the smart contract—a fundamental error that occurs when a calculation produces a result exceeding the maximum amount that can be stored.

Hackers exploited this vulnerability to siphon funds from the protocol through a repetitive transaction pattern within the Token Vesting contract, according to PeckShield's observations.

Upon realizing the issue, Poolz Finance announced that their team is in the process of "rebuilding" a new smart contract while preserving the liquidity levels that existed before the hack. Users will be airdropped an amount equivalent to their holdings.

The project has since withdrawn its existing liquidity from DEXs like Uniswap and Pancakeswap. Additionally, Poolz has flagged the hacker's address and frozen the stolen POOLZ tokens on the ChainPort bridge.

• Hacker address has been flagged on the explorers.
• A complete freeze has been imposed on all POOLZ porting on the ChainPort bridge.
• Remaining liquidity has been removed from Uniswap and Pancakeswap.

— Poolz Finance | We’re Hiring! (@Poolz__) March 15, 2023

Users are advised not to interact with Poolz's smart contract as it may result in the loss of funds.

In response to the negative news, the price of POOLZ has plummeted from $4.10 to $0.137, a drop of over 96%.