On November 24, according to PeckShield monitoring, the TPAD of counterfeit TrustPad tokens has fallen by nearly 100%, and the address at the beginning of the 0x2Ca8 will exchange 100,100,100,100,100,100.1001 TPAD for 1,015.33WBNB (about $240,000). In addition, the address at the beginning of the 0xb880 has exchanged 100,100,100,100,100,100,100.1001 DARK (DarkProtocol) for 976.53WBNB (about $230,000), and DARK has fallen by nearly 100%. The GigaDAO token GIGS has also dropped by nearly 100%, with one address exchanging a large amount of GIGS for 1,016.45WBNB (about $240,000). PeckShield cautions that these Rug Pull tokens have the potential to share the same name as other projects' tokens.

PANews reported on November 7 that TrustPad, a cross-chain financing platform, said on platform X that one of its staking contracts had been attacked. An investigation is currently under full swing. During this period, users do not trade TPAD and a detailed response will be issued after the survey is completed. User funds and wallets are safe and have been snapshotted. According to Phalcon, TrustPad was attacked due to multiple design flaws in the logic of the staking contract, with hackers using untrusted external calls to manipulate the lock-up period to obtain pending rewards.

Odaily Launchpad platform TrustPad posted on the X platform that one of the staking contracts was attacked, and the team is investigating the vulnerability. In the meantime, please do not trade TPAD. The team will post the details after the survey is concluded. The snapshot is about to take place, and the wallet and funds are safe.

Golden Finance reported that TrustPad, a cross-chain financing platform, said on social platforms that a staking contract was attacked. An investigation is currently under full swing. During this period, users do not trade TPAD and will post a detailed response after the survey is completed. User funds and wallets are safe and have been snapshotted. According to Phalcon, a security development and active defense suite owned by BlockSec, TrustPad was attacked due to multiple design flaws in the logic of the staking contract, with hackers using untrusted external calls to manipulate the lock-up period to earn pending rewards.

According to Golden Finance, trading explorer Phalcon said on social media X (formerly Twitter) that the TrustPad protocol was attacked due to several design flaws in the staking logic, namely manipulating the lock-up period through untrusted external calls to obtain pending rewards. In the receiveUpPool function of the LaunchpadLockableStake contract, if the account is not locked, the depositLockStart time will be set. The attacker then manipulates it into making an immediate deposit (via the receiveUpPool function) and withdrawing to accumulate pending rewards. In addition, another function, stakePendingRewards, allows the attacker to convert the accumulated pending rewards into a staking amount, allowing the attacker to withdraw the staking reward in the form of TPAD tokens in future transactions and sell the tokens for a profit.