Business Logic Flaw · $28K loss

UPS Hack: How $28K Was Lost in a Business Logic Flaw (2024)

In April 2024, UPS was exploited through a business logic flaw, resulting in approximately $28K in losses. That makes the UPS exploit the 307th largest DeFi incident out of 690 documented in our archive.

Hackers tricked a collector of JPEGs depicting apes and mutants (also known as NFTs) into giving them control of their digital art, and sold them for more than half a million dollars.

Attack Mechanics: How the UPS Business Logic Flaw Played Out

Exploit Class Applied to UPS

The UPS incident on April 9, 2024 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, UPS is 1 of 144 documented business logic flaw incidents.

UPS in Context

At $28K, the UPS exploit is a minor (<$1M) event compared to the largest same-class incident in our archive: EulerFinance (2023) at $200M.

Prior Business Logic Flaw Before UPS

The nearest business logic flaw incident before UPS was HoppyFrogERC, 7 days earlier on April 2, 2024, so the same exploit class recurred within a week.

Impact & Recovery for UPS

UPS Loss Figure

The UPS exploit caused $28,000 in losses — a minor (<$1M) incident and the 86th largest of 188 documented in 2024.

Where UPS Sits Among Business Logic Flaw Attacks

Ranked by loss size, UPS is the 61st largest of 144 business logic flaw incidents documented. That puts the UPS loss below the class average of $6.08M.

Timeline Since the UPS Incident

The UPS exploit occurred 2 years ago (735 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

FAQ

How much did UPS lose?

The UPS exploit in April 2024 resulted in $28,000 in losses — the 86th largest of 188 DeFi incidents that year.

When did the UPS hack happen?

The UPS exploit was recorded on April 9, 2024 — 735 days ago.

What type of exploit hit UPS?

The UPS incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

How common is the Business Logic Flaw pattern seen at UPS?

Our archive contains 144 documented business logic flaw incidents. The UPS incident is one of them.

How does UPS compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is EulerFinance (2023) at $200M. The UPS loss is $28K.
