The Fantom Foundation, the entity behind the Fantom blockchain, and its employees appear to have been the targets of a large-scale hack that has seen an estimated $7 million drained by the attacker.
On Tuesday, blockchain security firm CertiK found that the stolen funds had been consolidated into an externally owned address, which currently holds 4,501.58 ETH.
Stolen funds have been consolidated into EOA 0x0b1 which holds 4,501.48 ETH (~$7m) pic.twitter.com/IU9GKm1qyx
— CertiK Alert (@CertiKAlert) October 17, 2023
The firm began investigating the incident after an alert from X account “Spreek” that traced the hacker’s movements. Spreek found that one Fantom team member lost $3.4 million in the exploit.
The Fantom Foundation confirmed the exploit in an X post a few hours later, saying that the Foundation itself had lost $550,000 in the hack, and some of the Foundation’s wallets that had been reassigned to an employee were impacted by the hack, making it a “targeted personal attack.”
— Sonic Labs (prev. Fantom) 💥 (@0xSonicLabs) October 17, 2023
“While there were initial reports of a zero day hack via Google Chrome, the mechanism for the hack is being actively investigated,” said the Fantom Foundation in a statement.
The term “Zero-day” refers to recently discovered security vulnerabilities that hackers can use to attack systems.
A member of blockchain security firm SlowMist’s team tweeted that the on-chain transfer method used by the hacker pointed to a possible private key theft, and that the Foundation and its employees were targeted by phishing scams, social engineering, or malicious Trojan files.
Analysis from blockchain sleuth “@tayvano_” found that the addresses targeted were either controlled by a single entity or the private keys were stored in a single place.
Takeaways:
Single incident.
Addresses controlled by a single entity/person, or at the very least stored in one place.
The assets may be property of separate entities but opsec wasnt separate (rip 💀)
That one place is fuckign REKT and not bc of a chrome 0day, silly children.
— Tay 💖 (@tayvano_) October 18, 2023
The stolen assets include Convex Finance (CVX) tokens, DAI, USDC and Fantom’s native token FTM. At the time of writing, FTM was trading at $0.17, down 3.4% in the last 24 hours.