Business Logic Flaw · $900K loss

$900K Business Logic Flaw at Palmswap, July 2023 breakdown

In July 2023, Palmswap was exploited through a business logic flaw, resulting in approximately $900K in losses. That makes the Palmswap exploit the 94th largest DeFi incident out of 690 documented in our archive.

Attack Mechanics: How the Palmswap Business Logic Flaw Played Out

Exploit Class Applied to Palmswap

The Palmswap incident on July 24, 2023 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, Palmswap is 1 of 144 documented business logic flaw incidents.

Palmswap in Context

At $900K, the Palmswap exploit is a minor (<$1M) event compared to the largest same-class incident in our archive, EulerFinance (2023) at $200M.

Prior Business Logic Flaw Before Palmswap

The nearest business logic flaw incident before Palmswap was SUT, 3 days earlier on July 21, 2023 ($8K lost). Palmswap was the next incident in the same exploit class.

Impact & Recovery for Palmswap

Palmswap Loss Figure

The Palmswap exploit caused $900,000 in losses — a minor (<$1M) incident and the 35th largest of 214 documented in 2023. This single incident represents 0.1% of all tracked losses that year.

Where Palmswap Sits Among Business Logic Flaw Attacks

Ranked by loss size, Palmswap is the 16th largest of 144 business logic flaw incidents documented. That puts the Palmswap loss below the class average of $6.08M.

Timeline Since the Palmswap Incident

The Palmswap exploit occurred 2.7 years ago (995 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for Palmswap

Public post-mortem / on-chain analysis for the Palmswap incident: view source.

FAQ

How much did Palmswap lose?

The Palmswap exploit in July 2023 resulted in $900,000 in losses — the 35th largest of 214 DeFi incidents that year.

When did the Palmswap hack happen?

The Palmswap exploit was recorded on July 24, 2023 — 995 days ago.

What type of exploit hit Palmswap?

The Palmswap incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

How common is the Business Logic Flaw pattern seen at Palmswap?

Our archive contains 144 documented business logic flaw incidents. The Palmswap incident is one of them.

How does Palmswap compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is EulerFinance (2023) at $200M. The Palmswap loss is $900K.
