As you may have heard, ApeRocket has been the scene of 2 flashloan attacks on its BSC platform and its Polygon fork, respectively at 4:30 AM UTC and 8:00 AM UTC.
We are deeply sorry and saddened about this incident and we will try to compensate the people affected.
Without going into too much detail, in both cases substantial amounts of money were borrowed via AAVE (Polygon) and PancakeSwap (BSC). In the first case the funds were deposited on the DAI — MATIC LP vault and in the second the CAKE vault. Due to the large amount of money deposited, the hacker held more than 99% of the funds on these two vaults. Once everything was in place, large amounts of money were sent to the vault contract (flashloan). Then functions were called from these vaults and an anomalously high number of tokens were minted in response, as these CAKE generated were far greater than the reality.
Once the exploit was performed the borrowed funds were returned and the attacker sold his generated tokens rewards and dumped the price.
The consequences of this double exploit amounted to $260K and $1M.
For more information, you can find the following articles at WatchPug, our auditor:
BSC — https://watchpug.medium.com/aperocket-finance-performance-fee-minting-incident-root-cause-analysis-b959c1e963ba
Polygon — https://watchpug.medium.com/aperocket-polygon-performance-fee-minting-incident-root-cause-analysis-ed216f422f56
About the compensation plan?
As promised, we will try to compensate all people affected by the problem and who held SPACE / pSPACE before the attack.
Our plan will consist of 2 ways:
1) Regarding the BSC we were already working on a new version of ApeRocket (ApeRocket V2) prior to the attack, easier to use, more didactic, gas efficient, meaning more compounds, more APYs, and offering us more possibilities. We were not fully satisfied with the V1 being a complete fork of Pancake Bunny. We plan to relaunch the website under this new version soon.
A compensation pool will be opened, and we also plan to set up buybacks to raise the price. More information will come at the end of the week about the procedure and the exact course of all this.
In the meantime, we have decided to pause the SPACE Minter, which means that SPACE rewards are no longer generated but in exchange we will not take any performance fees. So, we will auto-compound your tokens/LPs for free during this period. Actually, it is more interesting not to have to pay the 30% performance fee and leave with 100% of your earnings as it is, because the price of the SPACE tokens you would have received would have been lower than the 100% of the earnings generated.
2) Our launch on Polygon was done in a hurry because we imperatively wanted to join the ApeSwap ecosystem on this blockchain as soon as possible. Thus, some things failed our vigilance and that of one of our auditors on whom we put pressure to release a usable version as soon as possible.
Given the current situation on Polygon, we see no other solution than to set up a new token and an allocation of this new token to all people holding pSPACE, prior to the exploit, as a locked compensation for a yet to be defined period of time. We’ll pursue an aggressive buyback strategy with the performance fees accrued in Polygon by Aperocket V2.
Before launching V2, we’ll conduct at least two audits. We’re exploring options now because of the bandwidth limitations with trusted and reliable audit companies. Nothing will be launched before the publication of at least one report.
Again, we are deeply sorry for the current situation and hope to regain your trust over time by adopting a more user-friendly approach and making the necessary efforts in the long run.
We know that this may not seem like enough to many of you, but we will definitely give it our best shot and will make ApeRocket great again.