Business Logic Flaw

JokInTheBox Exploit: Business Logic Flaw Incident Explained (2024)

In June 2024, JokInTheBox suffered a business logic flaw — the first of 144 documented business logic flaw incidents in our archive where the loss figure was not publicly disclosed but the exploit pattern is documented below.

Attack Mechanics: How the JokInTheBox Business Logic Flaw Played Out

Exploit Class Applied to JokInTheBox

The JokInTheBox incident on June 11, 2024 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, JokInTheBox is 1 of 144 documented business logic flaw incidents.

JokInTheBox in Context

The JokInTheBox incident joins a class whose largest loss to date is EulerFinance (2023) at $200M.

Prior Business Logic Flaw Before JokInTheBox

The nearest business logic flaw incident before JokInTheBox was YYStoken, 3 days earlier on June 8, 2024 ($28K lost). The same exploit class surfaced again within the business logic flaw attack surface.

Impact & Recovery for JokInTheBox

JokInTheBox Loss Figure

The loss figure for JokInTheBox is not publicly disclosed. The primary source reports the exploit in non-USD terms, so no USD estimate is published here. For reference, the average loss across 144 business logic flaw incidents in our archive is $6.08M.

Timeline Since the JokInTheBox Incident

The JokInTheBox exploit occurred 1.8 years ago (672 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

FAQ

How much did JokInTheBox lose?

The JokInTheBox loss figure is not publicly disclosed. The primary source reports the exploit in non-USD token terms, so no USD estimate is published here.

When did the JokInTheBox hack happen?

The JokInTheBox exploit was recorded on June 11, 2024 — 672 days ago.

What type of exploit hit JokInTheBox?

The JokInTheBox incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

How common is the Business Logic Flaw pattern seen at JokInTheBox?

Our archive contains 144 documented business logic flaw incidents. The JokInTheBox incident is one of them.

How does JokInTheBox compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is EulerFinance (2023) at $200M. The JokInTheBox loss was not publicly disclosed.
