Request Finance had a frontend breach on September 10. Only one client was affected. The platform remains secure. Details of the attack and safety precautions inside.
Request Finance discovered a frontend attack on September 10, 2025. Attackers deployed malicious logic into the official platform frontend, aimed at contract approvals.
The issue was contained immediately. Only a single client fell victim to this attack. Request Finance is coordinating recovery efforts with the affected party.
The attackers had put in place a fake smart contract that looked like the real Request Finance contract. This malicious contract also had an additional method that let the attackers drain approved USDC tokens from the victim's wallet.
The attackers sent a transaction batch that authorized an unlimited USDC allowance for the fraudulent contract. They drained the approved USDC within a few minutes.
Request Finance confirmed that there is no indication of a broader impact. The core functionality and security of the platform remain intact. The team examined all other wallets and recent user actions and prevented further compromise.
Sneaky Attack Vector: A Near-Identical Rogue Contract.
The attackers took advantage of subtle differences between the contract addresses. The real and fake contract addresses begin and end with the same characters, but differ in between.
The forged contract was verified on the blockchain explorer, which gave a false sense of validity. This deception tricked the victim into authorizing unlimited USDC to the malicious contract.
The approval accompanied a legitimate payment transaction within a Safe multisignature wallet. The batch transaction carried the user's signatures, which concealed the exploit in the background.
Within two minutes, the attackers called the malicious contract's token claim function. This call drained the victim's wallet balance up to the allowance that had been granted.
Strong Security Response and Continuous Vigilance.
Request Finance quickly introduced new security measures and monitoring. It also hired third-party cybersecurity firms to perform routine audits and penetration testing. To ensure safety, the team rotated all passwords and technical secrets.
Advisors recommend that users keep main treasury wallets separate from daily payment wallets. Validating contract addresses before authorizing a transaction is a major defense.
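
One way to apply the address validation recommended above before signing a batch, as an added example (not Request Finance's or Safe's code): it flags ERC-20 `approve` calls that grant an unlimited allowance or name a spender outside an allowlist, including spenders whose address shares its first and last characters with a trusted one. All addresses are constructed placeholders, the function names are hypothetical, and the batch is assumed to be already split into `(to, calldata)` pairs.

```python
APPROVE_SELECTOR = "095ea7b3"   # ERC-20 approve(address,uint256)
UNLIMITED = 2**256 - 1          # max uint256, the usual "unlimited" allowance

def decode_approve(data_hex):
    """Return (spender, amount) if the calldata is an ERC-20 approve, else None."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    spender = "0x" + data[8 + 24:8 + 64]   # address is the low 20 bytes of word 1
    return spender, int(data[8 + 64:], 16)

def lookalike_of(addr, trusted, edge=4):
    """Return the trusted address that addr imitates (same first/last hex chars)."""
    for t in trusted:
        if addr != t and addr[2:2 + edge] == t[2:2 + edge] and addr[-edge:] == t[-edge:]:
            return t
    return None

def review_batch(calls, trusted_spenders):
    """calls: list of (to, calldata_hex) pairs. Returns a list of findings."""
    trusted = {t.lower() for t in trusted_spenders}
    findings = []
    for i, (to, data) in enumerate(calls):
        decoded = decode_approve(data)
        if decoded is None:
            continue                        # not an approval, nothing to check here
        spender, amount = decoded
        if spender not in trusted:
            findings.append(f"call {i}: approve to unknown spender {spender}")
            twin = lookalike_of(spender, trusted)
            if twin:
                findings.append(f"call {i}: spender imitates trusted {twin}")
        if amount == UNLIMITED:
            findings.append(f"call {i}: unlimited allowance on token {to}")
    return findings

# Constructed sample data: placeholder addresses, not real contracts.
TRUSTED = "0x3d5a" + "11" * 16 + "9c0f"
FAKE = "0x3d5a" + "22" * 16 + "9c0f"    # same first and last 4 hex chars as TRUSTED
TOKEN = "0x" + "aa" * 20

def approve_calldata(spender, amount):
    return "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + format(amount, "064x")

# An approval hidden next to a payment-like call, as in the batch described above.
SAMPLE_BATCH = [(TOKEN, approve_calldata(FAKE, UNLIMITED)), (TRUSTED, "0x")]

if __name__ == "__main__":
    print("\n".join(review_batch(SAMPLE_BATCH, [TRUSTED])))
```
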


