Rekt around the clock.
Attacks can happen at any time, but the weekends are always busiest.
Social tokens haven’t taken off yet, but that doesn’t mean Roll didn’t get rekt.
$5.7 million gone, ripped from the liquidity pools of multiple DeFi influencers and “celebrities”.
DeFi is a danse macabre, where your status is irrelevant. The rekt reaper pays no heed to fame or influence, if there’s a hole in the code or in your own OPSEC then just it’s a matter of time until the music stops.
Over 7 hours since the attack and still no public statement from @tryrollhq.
Saying "It's 4AM, we'll announce tomorrow" is bad enough, but not following up on that is even worse.
Igor Igamberdiev states that this attack was a possible private key compromise or inside job, and that
“Currently, the attacker has sold all the stolen tokens, but it remains unclear whether they have access to other elements of Roll’s infrastructure.”
The tokens were taken from a Roll hot wallet, which not only received social tokens from Roll’ multisig but was also sponsored by Roll multisig owners.
As @ameensol pointed out on Twitter; this attack could have been avoided if Roll had not “insisted on a fixed supply token setup where they sit on a time bomb of 10% of the supply of each social token minted on their platform”
The fixed token supply model introduces a lot of trust assumptions;
- someone has to LP
- vesting for both the creator and TryRoll
- incentive alignment fades as creator sells
We reached out to the Roll team but had no response.
Apparently, the hacker was not bullish long-term on any of the celebrities, as they chose to immediately dump each token for ETH and escape through Tornado Swap to enter a reasonable position of number 14 on our leaderboard.
This disrespectful dump caused each token to drop in price.
This was an unusual attack due to it’s personal nature.
A direct insult to each token owner, and an interesting insight into the negative aspects of tokenising yourself. This hack gives a taste of what social token owners will experience in the future.
How long until KSI has an RSI? When can we put Bollinger Bands on PewDiePie?
In a not so distant future...
A top Youtuber releases a particularly good “Elders react to unboxing challenge” video, goes viral, and everybody gets rich as their stochastic crossover goes through the 20 band due to everyone “smashing that subscribe button”.
The next day somebody uncovers a tweet from 2014 - the Youtuber has been caught using discriminatory language against Tumblr users, a death cross forms between the 200 and the 50 MA and their token dumps into oblivion.
The Youtuber is cancelled and everybody gets liquidated.
No space is safe, even social tokens have their dark side.
Poor management decisions built up a tempting treasury , and somebody decided to take it.
If it was an inside job or an audit oversight is yet to be known, as we still await any announcement from Roll.
This attack might slow down Social Tokens, but it won’t stop them.
If you thought NFTs were controversial, then you’re not ready for what’s coming next.
REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.
donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.
you might also like...
Shoot yourself in the foot to log in - people will do anything for clout. Despite the hate and the public mockery, “Bitclout” rumbles on; a system of forcibly assigned social tokens valued by the number of followers each account has on Twitter. Who's behind this controversial project?
The Midas touch has backfired, leaving a $660K hole in one of its jFIAT pools. The read-only reentrancy vulnerability is a known weakness of a recently introduced collateral type. Let’s hope this rushed decision doesn’t prove to be Midas’ undoing this time…
On Friday, Raydium, a Solana-based AMM, lost a total of $4.4M in fees from its liquidity pools. Post-FTX, the future of Solana feels uncertain...