Project name: unshETH
Project type: Staking
Date of exploit: June 1, 2023
Asset loss: $375,000
Vulnerability: Private key leak
Date of audit report publishing: 03/23/2023
Conclusion: Out of audit scope
unshiETH is a staking platform that allows users to stake ETH and earn yield and swap fees. The exploited contract unshiETH Farm contains users’ unshiETH for farming.
The attacker compromised the private key of the unshiETH, which allows the attacker to withdraw the asset from the protocol.
On Jun 01, 2023, the staking platform unshETH was attacked, leading to a loss of around $375,000. According to the unshETH team, they mistakenly leaked their private key to Github, which allows users to withdraw unshETH from the contract. It was due to a human error of the private key management, which should be out of the audit scope.