Halloween came early this year for the Fantom Foundation.
Over $7M was drained from multiple Fantom Foundation-labelled wallets were drained yesterday.
Fantom’s semi-retired figurehead Andre Cronje quickly clarified that the thefts affected an employee, rather than the Foundation itself.
However, the Foundation’s acknowledgement of the incident which came three hours later did admit to a $550k loss.
There’s been plenty of rushed messaging this week…
The statement went on to explain that some of the affected addresses were “no longer utilized” Foundation Wallets, which had been “reassigned” to an employee.
Why not use new addresses?
With the Fantom Foundation never publicly disclosing their wallet addresses, even after their claims of having 30+ years of runway (thanks to farming 2020’s DeFi Summer), we’ll just have to take Cronje and the Foundation’s word for it.
When did DeFi become ‘trust, don’t verify’?
Starting just before 4am UTC yesterday, at least 12 addresses were drained across five chains: ETH, FTM, OP, BSC and AVAX.
While it remains unknown precisely how the attacker(s) gained access, the fact that multiple associated addresses were drained in short succession may suggest a compromised password manager, potentially LastPass.
The initial explanation, which came via a FTM Foundation TG admin, of a “zero day exploit on crome” doesn’t sound so plausible, after all.
Attacker addresses (totalling $7.5M):
Attacker consolidation address on ETH (holds 4.5k ETH, $7.1M): 0x0b1f29df74a19c44745862ab018d925501fe9596
The mixed messaging around the incident was bound to lead to some slight errors in reporting.
For a website that holds itself to “high journalistic standards”, blaming the social media team (as well as “the society” and “the technology” at large) should probably be followed up by fact-checking tweets…
…at least for a couple of days…
…and against the article it refers to.
Bad luck seems to haunt the Fantom ecosystem like a spectre.
Cronje may have boasted of the Foundation’s treasury holdings last year, presumably to bolster confidence in the ecosystem in the wake of the uncertainty which followed FTX’s blowup.
But, assuming the funds (which apparently include over $100M in stables) are still there, the Foundation now holds far more than the chain’s entire TVL, which has been gradually bleeding from over $500M earlier this year, to just $40M today.
A general downtrend was punctuated in July by the Multichain debacle.
Now, whether for good reason or not, yesterday’s news has spooked users once more.
Is FTM cursed?
REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.
donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.
you might also like...
Phishing is a year-round sport. But crypto is providing especially bountiful waters lately. You’d have thought those of us still around would know better by now… What lurks in the murky depths?
OG decentralised exchange KyberSwap got rekt across six chains, for a total loss of over $48M. Perhaps there’s some good news in store for KyberSwap and LPs, or is the attacker just toying with us?
It's been a rough few weeks for Justin Sun. Today, another $99M went missing as HECO Bridge and HTX (again) were hacked in short succession. His Excellency makes sure to never stay out of the spotlight for long…