Rewards Hub ListaDAO has clarified that a recent attack on a contract named "ListaDAOLiquidStakingVault" was not on any of its official contracts but rather on a counterfeit contract deployed by an unverified third party. The attack, which occurred on April 16, 2026, exploited a business logic flaw in the fake contract, allowing the attacker to drain all assets.
The GoPlus security team identified that the vulnerability involved the Dividend.setShares() function, which altered share accounting and affected reward calculations. GoPlus warns that similar vulnerabilities may exist in other projects that fork or reuse this code, urging developers to audit and secure their smart contracts promptly.
ListaDAO Confirms Fake Contract Attack, Official Contracts Secure
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.