OracleSwap, a decentralized exchange (DEX) protocol on the Songbird Network, has recently become the subject of concern among its users and the wider decentralized finance (DeFi) community. The protocol, which allows users to earn interest for delegating their Flare and Songbird tokens, announced on Jan. 28 that its private keys had been compromised as a result of making its code open source. This has led to calls for caution from FlareMetrics, a data provider for the Flare Network, who have urged delegates on OracleSwap to change to other FTSO operators and revoke all access to the protocol. OracleSwap had to make its v2 repos public so the FTSO community could see the developers who worked on the code. Still, the unintended consequence of this was that its private keys were disclosed and could potentially be used by bad actors to steal rewards from its users. As a result, FlareMetrics has recommended that delegates on OracleSwap change to other FTSO providers to avoid this outcome. The data provider also advised delegates to revoke all access to the protocol to prevent bad actors from gaining a significant amount of voting power. In response to the situation, OracleSwap has announced that it will burn the codes and work on a new contract. The company stated that it will start a fresh FTSO infrastructure under new addresses after the improvement proposals have been implemented.
Full story : OracleSwap Hacked: Private Keys Exposed.