PANews reported on February 18 that, according to The Block, a document released by Dexible on its Discord server confirmed that Dexible's final losses in this attack were $2 million. Hackers exploited a vulnerability in the smart contract code to withdraw funds that crypto wallets had approved for spending. The team added that the funds lost by "a few whales" accounted for 85% of the total amount stolen.

On-chain data showed that digital asset investment company BlockTower Capital was one of the victims. An address labeled as BlockTower Capital by blockchain security companies Nansen and Arkham Intelligence lost $1.5 million worth of TRU tokens in this incident. The attacker transferred the TRU tokens to SushiSwap, exchanged them for Ether (ETH), and then transferred the ETH to Tornado Cash. In this attack, 13 wallets on Arbitrum and 5 wallets on Ethereum were affected.

According to previous news, the DEX tool Dexible was suspected of being attacked yesterday, with losses exceeding $1.5 million. The attacker has transferred the stolen 930.6 ETH (about $1.53 million) to Tornado Cash.

Beosin, a blockchain security audit company, analyzed the Dexible incident and said that there was a logical vulnerability in the selfSwap function of the Dexible contract, which calls the fill function. The fill function contains a call whose data is supplied by the caller, so the attacker could pass in custom data. The attacker constructed a transferFrom call in this data and passed in the address of another user (0x58f5f0684c381fcfc203d77b2bba468ebb29b098) and their own attack address (0x684083f312ac50f538cc4b634d85a2feafaab77a), causing the tokens that the user had authorized to the contract to be transferred away by the attacker.
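The call pattern Beosin describes, as an added example that is not from the original report or from Dexible's code: a Python model of a check a router could run on caller-supplied calldata before forwarding it, flagging a `transferFrom` whose `from` is not the caller. The addresses, the target allowlist, the placeholder swap selector and the `review_inner_call` helper are assumptions constructed for illustration.

```python
# Added example: pre-forwarding check for a contract that makes calls with
# caller-supplied data while holding token allowances from many users.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)

def addr_word(addr: str) -> bytes:
    """ABI-encode a 20-byte address as a left-padded 32-byte word."""
    return bytes(12) + bytes.fromhex(addr[2:])

def encode_transfer_from(src: str, dst: str, amount: int) -> bytes:
    return TRANSFER_FROM + addr_word(src) + addr_word(dst) + amount.to_bytes(32, "big")

def decode_transfer_from(data: bytes):
    """Return (from, to, amount) if data is a transferFrom call, else None."""
    # Trailing bytes are tolerated because token contracts ignore them.
    if len(data) < 4 + 3 * 32 or data[:4] != TRANSFER_FROM:
        return None
    src = "0x" + data[16:36].hex()
    dst = "0x" + data[48:68].hex()
    return src, dst, int.from_bytes(data[68:100], "big")

def review_inner_call(caller: str, target: str, data: bytes, allowed_targets: set) -> list:
    """Reasons to reject a call the contract would make on the caller's behalf."""
    findings = []
    if target.lower() not in allowed_targets:
        findings.append("target is not an allowlisted swap router")
    decoded = decode_transfer_from(data)
    if decoded and decoded[0] != caller.lower():
        findings.append(f"transferFrom pulls from {decoded[0]}, not the caller")
    return findings

# Constructed sample values (not taken from the incident).
ROUTER = "0x" + "aa" * 20      # hypothetical allowlisted DEX router
TOKEN = "0x" + "bb" * 20       # hypothetical ERC-20 token contract
VICTIM = "0x" + "cc" * 20      # user who approved the contract
ATTACKER = "0x" + "dd" * 20    # caller of the swap function
ALLOWED = {ROUTER}

MALICIOUS = encode_transfer_from(VICTIM, ATTACKER, 10**18)
BENIGN = bytes.fromhex("12345678") + bytes(160)  # placeholder swap selector + args

if __name__ == "__main__":
    for label, target, data in (("malicious", TOKEN, MALICIOUS), ("benign", ROUTER, BENIGN)):
        print(label, review_inner_call(ATTACKER, target, data, ALLOWED) or "ok")
```

On-chain, the same two conditions would be enforced inside the contract before the external call; an off-chain monitor can apply them to pending or mined transactions that target a contract holding user allowances.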
