In October 2024, CryptoBottle on Polygon was exploited on three separate occasions with combined losses totalling ~$527k. In the latest incident on 24 October, the largest of the three, an attacker exploited a critical vulnerability to disable a balance check in the swap() method after callback, and made arbitrary swaps to acquire a large amount of NAS tokens which they then sold to drain the project of ~$490k USDT.
10/31/2024