PShield stated that it analyzed the latest FEG hacking incident, and the root cause seems to be a composability issue that arose during the integration of the underlying Wormhole bridge used for cross-chain messaging/token transfers.
Specifically, the hacker created a false deposit message (through an unanticipated Wormhole relay interface, which the audited FEG SmartBridge does not support) and then transmitted it to another chain, where it was received by the now-disabled FEG SmartBridge to extract FEG tokens. Please note that the SmartDeFi code was not affected.
Meanwhile, the Wormhole Foundation stated: "The FEG security incident is unrelated to Wormhole. All Wormhole contracts are completely unaffected and unrelated to this issue."
According to previous reports, FEG allegedly suffered losses of approximately $1 million.