Spectral Labs identifies Syntax vulnerability, pauses contracts
Spectral Labs announced it detected a vulnerability that affected select tokens on its Syntax platform — a no-code environment that allows users to create onchain AI agents — allowing a hacker to make off with $200,000 in liquidity.
According to Spectral Labs, access to Syntax has been disabled until the issue has been resolved and contracts on the platform have also been paused to avoid further complications. In a statement to Cointelegraph, Spectral Labs confirmed the source of the vulnerability:
“We suffered a vulnerability in the bonding curve, where the hacker was able to remove tokens at a cheap price. We are fixing the issue and will be running tests thoroughly before resuming.”
The Spectral team also said it is working with industry partners to resolve the situation and restore service as quickly as possible.
Related: Crypto lender Polter Finance halts operations after $12M hack
Crypto hacks and exploits plague the crypto industry
According to Immunefi, losses from crypto hacks and fraud topped $71 million in November 2024, with an overwhelming majority of losses coming from hacks or other code exploits.
However, year-to-date losses for 2024 are 15% lower than during the same period in 2023 — a positive development for the crypto industry.
Despite the reduction in overall losses, crypto hacks and exploits remain a serious threat to digital asset investors. On November 15, the decentralized finance project Thala was hacked for $25.5 million — representing the second largest hack of November 2024.
At the time, spokespeople for Thala said the threat actor exploited an “isolated vulnerability” in Thala’s v1 farming contracts which allowed them to drain liquidity tokens from the platform.
On November 18, Thala recovered the $25.5 million in funds and was able to identify the hacker with the aid of law enforcement, though the hacker’s identity has not been made public.
The DEXX onchain trading terminal experienced the biggest losses for the month in a private key leak on November 16. The losses from the hack were initially estimated at roughly $21 million but total losses later swelled to around $30 million.
Magazine: $55M DeFi Saver phish, copy2pwn hijacks your clipboard: Crypto Sec