Security report / 10th May 2024

Our dev team has fixed a vulnerability in the back end of CYBRO's website. The vulnerability allowed attackers to earn points without making a real purchase of CYBRO tokens by making an API call on the back end, passing any transaction and amount instead of a real one.

Only one attacker managed to exploit this vulnerability, his points were erased from the database. The attacker stole no tokens. The smart contract was not exploited.

Last updated