Bug in Fantasm Finance allows multiple exploiters to take more than $2.6 million
An exploiter was able to use a bug in the Fantasm Mint contract to drain more than 1,000 ETH ($2,640,000) from Fantasm Finance. Fantasm urged their users to redeem their tokens they were staking and exit from liquidity pools, but attackers were still able to drain an enormous amount of funds from the protocol. It appeared that several other attackers joined in after the first attacker used the exploit, though it's not yet clear how much money was lost in total. The primary attacker transferred 1,007 ETH to the Tornado Cash tumbling service shortly after the attack. Fantasm Finance wrote on Twitter that they planned to publish a postmortem the following day, which would include compensation options for affected users.