The Fantom Foundation, the entity behind the Fantom blockchain, and its employees appear to have been the targets of a large-scale hack that has seen an estimated $7 million drained by the attacker.

On Tuesday, blockchain security firm CertiK found that the stolen funds had been consolidated into an externally owned address, which currently holds 4,501.58 ETH.

The firm began investigating the incident after an alert from X account “Spreek” that traced the hacker’s movements. Spreek found that one Fantom team member lost $3.4 million in the exploit.

The Fantom Foundation confirmed the exploit in an X post a few hours later, saying that the Foundation itself had lost $550,000 in the hack, and some of the Foundation’s wallets that had been reassigned to an employee were impacted by the hack, making it a “targeted personal attack.”

“While there were initial reports of a zero day hack via Google Chrome, the mechanism for the hack is being actively investigated,” said the Fantom Foundation in a statement.

The term “Zero-day” refers to recently discovered security vulnerabilities that hackers can use to attack systems. 

A member of blockchain security firm SlowMist’s team tweeted that the on-chain transfer method used by the hacker pointed to a possible private key theft, and that the Foundation and its employees were targeted by phishing scams, social engineering, or malicious Trojan files.

Analysis from blockchain sleuth “@tayvano_” found that the addresses targeted were either controlled by a single entity or the private keys were stored in a single place.

The stolen assets include Convex Finance (CVX) tokens, DAI, USDC and Fantom’s native token FTM. At the time of writing, FTM was trading at $0.17, down 3.4% in the last 24 hours.