Thetanuts Finance Vault Exploited for $2.1M in Legacy Code Attack
Attackers drained $2.1 million from a years-old, deprecated Thetanuts Finance vault, highlighting the persistent risks in dormant DeFi code. While whitehats recovered most of the funds, the exploit underscores the dangers of legacy smart contracts left on-chain.
A $2.1 million DeFi heist went down, but the target was a ghost. Attackers hit a deprecated Thetanuts Finance vault, a relic from years ago that the protocol had long since abandoned. This wasn't a breach of their active systems, but a reminder that old code never truly dies on the blockchain.
Security firms traced the damage to an integer division flaw in the contract's mint function. This bug allowed attackers to mint tokens for free, essentially printing digital cash out of thin air. The exploiter managed to swap $105,000 in USDC for about 60 ETH, leaving behind a trail of digital dust.
Here's the kicker: whitehat defenders swooped in and recovered nearly $2 million in option tokens. So, while the exploit happened, the damage was largely mitigated by good actors. Still, this incident fits a disturbing pattern of attackers targeting old, unmaintained smart contracts, proving that even abandoned code can become a lucrative target.