shield Arbitrary Call · $726K loss

Auctus Arbitrary Call postmortem (March 2022) — $726K drained

Q: How much did Auctus lose?

The Auctus exploit in March 2022 resulted in $726,000 in losses — the 13th largest of 129 DeFi incidents that year.

Q: When did the Auctus hack happen?

The Auctus exploit was recorded on March 26, 2022 — 1,480 days ago.

Q: What type of exploit hit Auctus?

The Auctus incident is classified as a Arbitrary Call. The contract executes an external call with attacker-controlled target or calldata, letting them impersonate the contract.

Q: How common is the Arbitrary Call pattern seen at Auctus?

Our archive contains 21 documented arbitrary call incidents. The Auctus incident is one of them.

Q: How does Auctus compare to the largest Arbitrary Call attack?

The largest arbitrary call incident in our archive is Seneca (2024) at $6M. The Auctus loss is $726K.

Q: How does the BBDSPP scheme improve data sharing flexibility and security?

By assigning values to attributes using a weighted threshold secret sharing scheme for combinable permissions and enhancing access control rigor.

Q: What is a key development in the rise of cryptocurrencies?

The emergence of cryptoexchanges, where cryptoassets are traded, is a key development.

On March 2022, Auctus was exploited in a arbitrary call, resulting in approximately $726K in losses. That makes the Auctus exploit the 104th largest DeFi incident out of 690 documented in our archive.

Attack Mechanics: How the Auctus Arbitrary Call Played Out

Exploit Class Applied to Auctus

The Auctus incident on March 26, 2022 is classified as a Arbitrary Call. The contract executes an external call with attacker-controlled target or calldata, letting them impersonate the contract. In the full archive, Auctus is 1 of 21 documented arbitrary call incidents.

Auctus in Context

At $726K, the Auctus exploit is a minor (<$1M) event compared to the largest same-class incident in our archive — Seneca (2024) at $6M.

Impact & Recovery for Auctus

Auctus Loss Figure

The Auctus exploit caused $726,000 in losses — a minor (<$1M) incident and the 13th largest of 129 documented in 2022. This single incident represents 0.3% of all tracked losses that year.

Where Auctus Sits Among Arbitrary Call Attacks

Ranked by loss size, Auctus is the 5th largest of 21 arbitrary call incidents documented. That puts the Auctus loss below the class average of $783.5K.

Timeline Since the Auctus Incident

The Auctus exploit occurred 4.1 years ago (1,480 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for Auctus

Public post-mortem / on-chain analysis for the Auctus incident: view source.

FAQ

How much did Auctus lose?

The Auctus exploit in March 2022 resulted in $726,000 in losses — the 13th largest of 129 DeFi incidents that year.

When did the Auctus hack happen?

The Auctus exploit was recorded on March 26, 2022 — 1,480 days ago.

What type of exploit hit Auctus?

The Auctus incident is classified as a Arbitrary Call. The contract executes an external call with attacker-controlled target or calldata, letting them impersonate the contract.

How common is the Arbitrary Call pattern seen at Auctus?

Our archive contains 21 documented arbitrary call incidents. The Auctus incident is one of them.

How does Auctus compare to the largest Arbitrary Call attack?

The largest arbitrary call incident in our archive is Seneca (2024) at $6M. The Auctus loss is $726K.

How does the BBDSPP scheme improve data sharing flexibility and security?

By assigning values to attributes using a weighted threshold secret sharing scheme for combinable permissions and enhancing access control rigor.

What is a key development in the rise of cryptocurrencies?