Vulcan Forged - REKT
Four cases in ten days.
~$415 million gone.
“Compromised keys” are so hot right now.
BitMart ($196M), 8ight Finance ($1.75M), AscendEX ($77.7M) and now Vulcan Forged ($140M).
But it’s nothing to do with the markets, right?
Vulcan Forged is a “blockchain game studio” and “NFT marketplace” building fantasy play-to-earn games inside what they call the VulcanVerse.
The majority of the funds taken from users’ wallets was in the platform’s own token, $PYR, which is used for in-game transactions and on their native marketplace.
In order to facilitate these use cases, user accounts are linked to an integrated wallet - a service provided by Venly.
The private keys of 96 addresses were compromised, allowing the attacker to drain their contents. As well as $PYR, users also lost substantial amounts of other tokens including ETH and MATIC.
Hacker’s address on:
Funds have since been sent on to further wallets, for example this one containing ~$40M in $PYR and ~$600k in ETH.
The team claims to have identified an address that may be linked to a KYC’d exchange.
A total of over 4.5M PYR was extracted, with a value of ~$140M at the time of the attack.
Subsequent sales of the stolen PYR had a large impact on the token price, which dropped ~30% initially, from around $31 to a low of $21.47.
In contrast to the other cases, the Vulcan team has been quick to respond to the incident, posting regular updates on their Twitter feed and promising to both replace the stolen $PYR and remove the custodial wallets.
According to the latest update, the majority of affected wallets have already been reimbursed from the treasury, and the team aims to pursue a 100% decentralised system going forward.
The response from the team has been better than most, but that doesn’t mean we should be less suspicious.
“Compromised keys” can’t be analysed by outsiders, a fact which benefits only the insiders.
Who is to blame for this incident? Is it Vulcan Forged, for a lack of due diligence, or their wallet provider, Venly?
Without further details, we will never know.
REKT serves as a public platform for anonymous authors; we take no responsibility for the views or content hosted on REKT.