Numen

Thoreum Finance Attack Analysis


According to Numen’s on-chain monitoring, the THOREUM project was attacked on Jan-19-2023 at 05:07:02 AM UTC.

The attacker profited 2260 BNB, roughly equivalent to $65,540 USD.

The attacker’s address: https://bscscan.com/address/0x1ae2dc57399b2f4597366c5bf4fe39859c006f99

The attacked Contract: https://bscscan.com/address/0x7d1e1901226e0ba389bfb1281ede859e6e48cc3d

Transaction details

The attack was simple: the attacker deposited BNB to obtain WBNB, used the swapExactTokensForTokensSupportingFeeOnTransferTokens function on BiSwap (Binance Smart Chain) to swap the WBNB for THOREUM tokens, and then transferred the THOREUM tokens to themselves.

It is suspected that a specific branch in the token’s transfer logic allowed this self-transfer to be profitable. Local simulation results match the call-stack data.
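The page does not show THOREUM’s transfer code, so the following Python model is an added illustration (not the project’s code) of one well-known way a self-transfer branch in a fee-on-transfer token can break supply conservation, and the invariant check an auditor would run against any transfer implementation; the 3% burned fee and the "attacker" account are constructed values.

```python
# Constructed ledger model of a fee-on-transfer token; NOT THOREUM's code.
from dataclasses import dataclass, field

FEE_BPS = 300  # assumed 3% transfer fee, burned (constructed value)


@dataclass
class Token:
    balances: dict = field(default_factory=dict)
    total_supply: int = 0

    def mint(self, to: str, amount: int) -> None:
        self.balances[to] = self.balances.get(to, 0) + amount
        self.total_supply += amount


def transfer_buggy(tok: Token, sender: str, to: str, amount: int) -> None:
    """Caches both balances before writing. When sender == to, the recipient
    credit is computed from the stale pre-debit value and overwrites the
    debit, so the caller ends up with more tokens than it started with."""
    from_bal = tok.balances.get(sender, 0)
    to_bal = tok.balances.get(to, 0)
    assert from_bal >= amount, "insufficient balance"
    fee = amount * FEE_BPS // 10_000
    tok.balances[sender] = from_bal - amount
    tok.balances[to] = to_bal + (amount - fee)  # clobbers the debit if to == sender
    tok.total_supply -= fee


def transfer_fixed(tok: Token, sender: str, to: str, amount: int) -> None:
    """Reads and writes each balance in place, so sender == to nets out
    to a plain fee deduction instead of a credit."""
    assert tok.balances.get(sender, 0) >= amount, "insufficient balance"
    fee = amount * FEE_BPS // 10_000
    tok.balances[sender] -= amount
    tok.balances[to] = tok.balances.get(to, 0) + (amount - fee)
    tok.total_supply -= fee


def supply_conserved(tok: Token) -> bool:
    """Audit invariant: the sum of all balances must equal totalSupply."""
    return sum(tok.balances.values()) == tok.total_supply


def self_transfer_check(transfer, amount: int = 1000):
    """Run a self-transfer through `transfer` on a fresh ledger and report
    (balance after, balance before, supply invariant held)."""
    tok = Token()
    tok.mint("attacker", amount)  # constructed account name
    before = tok.balances["attacker"]
    transfer(tok, "attacker", "attacker", amount)
    return tok.balances["attacker"], before, supply_conserved(tok)
```

A self-transfer must never leave the caller with more tokens than before, and the balance sum must still equal the total supply; the buggy variant fails both checks, the fixed one passes.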


The attack happened at block height 24912772. Because there had been multiple attacks, the project team changed the implementation logic of the THOREUM proxy contract at block height 24910634.

The update contract transaction can be viewed at https://bscscan.com/tx/0x5a1788e1fbd582d1b89dc23fdf6cb7600c5ab07e4156b37cc3a6da27d5aa0349.

Since the contract update and the attack happened at around the same time, it is possible that the project team lost control of their private key. The total loss from this attack is estimated to be 2260 BNB. Numen is continuing to track the situation.

If you wish to audit and ensure that your projects are free from exploits such as these, please reach out to us here.

Numen Cyber Labs is committed to facilitating the safe development of Web 3.0. We are dedicated to the security of the blockchain ecosystem, as well as operating systems & browser/mobile security. We regularly disseminate analyses on topics such as these, please stay tuned or visit our blog here for more!

