Incident Type: Approval Phishing Attack
Total Losses: $201,724.26 (126,724.26, USD (in sFLR) + $75,000 in USDT0)
Users on Flare Network lost sFLR and USDT0 tokens after approving to what was probably a fake lending protocol contract. The attacker tricked victims into granting unlimited spending permissions, then drained their wallets weeks later.
Critical finding: The sFLR and USDT0 smart contracts work correctly. Users approved to malicious contracts and should revoke approvals.
Users on Flare who made approvals to Teralend should revoke those approvals.
One way to do this is using revoke.cash as follows:
Connect your wallet at the top right button
Select the network Flare
Look for the approved Spender:
0x0AbcA7776D419dBC1E5548DF25748B7463f6428e or 0x5213a4843626107342e26E630CC80F979805087a
and press the revoke button on the right side of the entry.