The token for the layer-1 blockchain Shido dropped as much as 94% in just 30 minutes after suffering an exploit on its Ethereum-based staking contract.

Blockchain security firm PeckShield alerted its followers to the drop in a Feb. 29 X post . In a follow-up post, it explained an exploiter managed to transfer the blockchain’s Ethereum staking contract to another address with the new owner then upgrading the contract with a hidden function to withdraw staked tokens.

Hi @ShidoGlobal There is a sudden owner transfer to 0x1982. The new owner immediately upgrades the StakingV4Proxy contract with a hidden withdrawToken() function. This hidden function is then called to withdraw all 4,353,473,223.864904 $SHIDO .

Here are related txs:
- owner… https://t.co/TZ6oMDGwMG pic.twitter.com/VGZtyg9PEf

— PeckShield Inc. (@peckshield) February 29, 2024

PeckShield said the attacker had withdrawn over 4.3 billion Shido tokens — nearly half of the almost 9 billion circulating token supply, per CoinGecko data .

Before the price drop, those tokens were worth around $35 million.

In an X post, pseudonymous on-chain researcher ZachXBT said they’d found the exploiter’s address was funded through crypto first bridged from the cross-chain protocol Layerswap and then from the Arbitrum blockchain. 

So the address was funded via Across on Arbitrum and that was funded via Layerswap by this persons ENS.

I think they were hacked as well though bc their assets were suddenly transferred before funding the exploiter. pic.twitter.com/6Da2ybKuFY

— ZachXBT (@zachxbt) February 29, 2024

ZachXBT found what they said was the real identity of the wallet owner which funded the exploiter but said they too appeared to be hacked as “their assets were suddenly transferred before funding the exploiter.”

Related:  Serenity Shield’s token falls nearly 99% after MetaMask wallet breach

Shido is a layer-1 proof-of-stake blockchain that has yet to launch its mainnet. It said in a Feb. 24 X post that it was announcing its mainnet launch “next week.”

SHIDO, is an Ethereum-based ERC-20 token that could be staked on the project's connected decentralized exchange (DEX) to earn an 8% annual yield, according to its website.

Shido did not immediately respond to a request for comment on the contract exploit.

Last year saw over 600 crypto-related hacks with $2.1 billion in losses, a nearly 30% decrease from 2022, and so far this year January had 30 attacks with $182.5 million lost, according to PeckShield.

February could also end on a big month for exploiters, with $290 million stolen from PlayDapp  and a further few million dollars worth of crypto stolen in various wallet breaches and phishing scams .

Magazine: Lawmakers’ fear and doubt drives proposed crypto regulations in US