Hacker exposes El Dorado Exchange price scam

A mysterious attacker returns the stolen funds after the trading platform admitted to using tools to manipulate prices.

A hacker attacking a computer
El Dorado’s hacker reportedly earned over $100,000 from the exploit

Today, the crypto-influencer with the Twitter nickname Res published a report about a recent hack of the Arbitrum-based trading platform El Dorado Exchange (EDE). Although the Web3 community is used to regular exploits, this attack seems to be quite unique, as the hacker claims to be a white hat whose sole intention was to expose a crypto exchange fraud scheme.

Read also: The Tornado Cash community has made a new proposal to fix the recently exploited security vulnerability

The person behind the hack believes that the El Dorado Exchange developers "created a bot to force liquidate any position of their choice whenever they like." The hacker left this message after withdrawing $580,000 earned from a small deposit in the ELP-1 pool on Arbitrum. "Ask the admins about it, see if they lie to you," the hacker added in a message.

The attacker further explained the bot's work, saying, "The developers implemented a backdoor that allowed them to force liquidate any position they desired. This malicious activity involved intentionally signing incorrect prices to manipulate users’ positions and steal their funds." The hacker claimed, "All trades that were executed were using prices signed/produced by the devs. Anyone could have taken advantage of these prices and easily emptied the entire ELP pool with just a few transactions."

Despite gaining significant loot, the anonymous person promised to return the stolen funds. However, there were two conditions. The attacker wanted the El Dorado Exchange team to admit to manipulating prices and also demanded a 10% white hat fee. The attacker promised to "bring to light additional vulnerabilities that exist" for this reward.

The hacker had returned $334,000 out of the stolen funds even before the reply from El Dorado Exchange and the rest of the funds when the company sent its message. Still, it is reported that with the 10% fee and the additional reward offered by El Dorado Exchange, the hacker earned around $104,000 worth of cryptocurrency from the exploit.

Read also: General Bytes' hot wallets compromised, at least $1.5 million stolen

A leading blockchain security firm PeckShield also investigated this unusual case and concluded that the price feed is "indeed manipulated by the EDE Finance developers."

This case seems to be even more controversial, as some Twitter users noticed that the messages left by the hacker came from different addresses.

At press time, there was no official statement from El Dorado Exchange on Twitter about the hack. However, the company has responded to the hacker. "Yes, we acknowledge making an ill-advised decision to manipulate the price. However, our intention was to blacklist those who had previously exploited the system, fully aware that all transactions are recorded on the blockchain. We did not aim to misappropriate user funds, as this would leave a traceable record," the El Dorado Exchange team explained, promising to "promptly remove the problematic bomb contract."

At the same time, the trading platform agreed to the hacker's terms and also offered the attacker 5% of the team's token allocation.

Needless to say, the hacker's messages aroused growing suspicion among El Dorado Exchange users, who demanded an official announcement of the hack and more information about the bot from the team behind the exchange.

Meanwhile, another Arbitrum-based project, Jimbos Protocol, was hacked for $7.5 million.

Read also: Beware of Inferno Drainer: a new crypto scam is on the rise, $6 million stolen so far

"It appears today's Jimbos Protocol hack leads to the 4090 ETH loss (about $7.5M ). This hack is due to the lack of slippage control of the liquidity-shifting operation - such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in a reverse swap for profit," PeckShield announced in a tweet on May 28.

Jimbos Protocol referred to the hacker in a tweet the same day, asking for the return of the funds in exchange for a lucrative sum of money, while also threatening the attacker with the police if they do not comply with the platform’s terms. "To the attacker: keep a fast $800,000 payday, and live to tell the tale. We won't pursue you if you send back the 90%. But if you don't, we won't stop until you're behind bars. You can open communications with us at Helloitsjimmy@proton.me," the protocol's team tweeted.

Yesterday, the protocol once again tried to catch the hackers’ attention with a tweet, saying "Over the past 24 hours, we’ve been working with security experts, bridges, and exchanges. Thanks to their help, we have identified promising leads, and one in particular. We hope the attacker will 'voluntarily' cooperate - before they have no choice but to once we pass their info."

Interestingly, some members of the crypto community feel that it is unfair to call hackers who exploit vulnerabilities "attackers" because they "take advantage of the token as it was built."

The recent hacks prove once again how much the safety of funds depends on the trustworthiness of cryptocurrency trading and storage platforms, as well as the professionalism and cybersecurity expertise of their developers.