April 20, 2021 | AtoZ Markets – The founder of the EasyFi DeFi protocol, Ankitt Gaur, published a blog post on April 20 in which he talked about how hackers managed to get to the liquidity pools and withdraw $6 million from them.
The break-in took place on Monday, April 19. Its target was mnemonic keys and admin keys. With their help, hackers gained access to the funds and stole almost 3 million EASY tokens.
EasiFi hacker withdrew funds from liquidity pools through MetaMask
According to a tweet, the team received a report of large transfers from protocol wallets.
1/3 On Monday, 19th April 2021 our team members reported the transfer of a large amount of EASY and protocol funds from designated contracts & wallets. initial investigation revealed the possibility of compromise of mnemonic phrase.— Ankitt Gaur (@AnkittGaur) April 19, 2021
"We have received confirmation from initial reports that hackers deliberately compromised the founder's computer/MetaMask in order to gain access to administrator keys and launch a well-planned attack."
The hacker gained access to the existing liquidity in the protocol pools in USD, DAI and USDT and withdrew 2.98 million EASY tokens to his wallet address.
He also added that EasyFi smart contracts were not affected. Attackers deliberately hacked into Gour's personal computer via remote access.
“The machine was not used for day-to-day operations, only for transfers. So the hacker had to wait for the right moment for his well-planned attack. "
Gaur stated that in most cases, MetaMask is hacked through theft of private keys or passwords using phishing attacks. However, in this case, the computer was hacked, and the wallets were accessed directly from the hard drive.
According to Gour, the attackers have not yet sold the stolen tokens due to liquidity constraints. He promised to pay the cracker a reward of $ 1 million if he returned all the coins in full.
This incident confirms the suggestion that DeFi protocols aren't really all that decentralized if the "CEO" still owns all the keys. A similar case happened with Nexus Mutual founder Hugh Karp in December 2020. However, the hackers stole $8 million worth of coins from his own wallet, not from the protocol.
EasyFi is a Layer 2 DeFi lending protocol powered by the Polygon (formerly Matic) network. It launched on Binance Smart Chain in early April and partnered with PancakeSwap on profitable farming initiatives.
At the time of this writing, EASY has partially won back positions, rising to $16.90.
Think we missed something? Let us know in the comment section below.