According to information provided by the team at EasyFi, it was reported that the hackers used a MetaMask attack to steal funds worth Millions of dollars by gaining illegal access to the network’s official wallet.
CEO of EasyFi, Ankitt Gaur, said that the hackers managed to hack into his computer, then proceeded to compromise the MetaMask browser extension to gain access to the EasyFi admin account on MetaMask, successfully acquiring sensitive private keys.
Gaur wrote in his statement that this attack was planned remotely, which lead to the drainage of precious liquidity from the protocol. Taking advantage of the private keys, the hacker managed to access EasyFi’s liquidity pools and acquired around $6 Million. In addition to the LP drain, the hacker also stole around $75 Million worth of EASY tokens. Gaur continued by mentioning that the compromised funds from LP were sent to an Ethereum address named Reb Bridge, then were converted and transferred to a bitcoin address. As for the tokens, they are still present on that specific Ethereum address.
EasyFi has issued an official announcement warning its users not to use any sorts of contracts related to the EASY token and must also refrain from storing any liquidity in DEXes. For now, the team at EasyFi is going to implement a hard fork in hopes of recovering the lost funds.
This is indeed one of the worst incidents that the DeFi-based project has had to face. Statistical data from sources show that the loss in Millions has definitely hurt the economy of EasyFi, dropping the price of its EASY token from $25 to $16.8.
MetaMask’s History
The surprising thing is that this is not the first time that the project has faced a MetaMask attack. Back in December of 2020, the MetaMask browser extension was targeted, in which hackers managed to display a fake prompt to the founder of Nexus Mutual, tricking him into transferring more than $8 Million to the hacker.
This incident has put question marks on the security of the hot wallet used by the project, as people have started to express their anger and frustration on EasyFi. Crypto researcher Chris Blec mentioned several issues of EasyFi in his tweet, stating that this incident has highlighted the poor security solution for the admin key and the team at EasyFi has made a huge mistake for relying on a hot wallet, which has a track record of getting hacked and using it for official transactions.
All trademarks, logos, and images displayed on this site belong to their respective owners and have been utilized under the Fair Use Act. The materials on this site should not be interpreted as financial advice. When we incorporate content from other sites, we ensure each author receives proper attribution by providing a link to the original content. This site might maintain financial affiliations with a selection of the brands and firms mentioned herein. As a result, we may receive compensation if our readers opt to click on these links within our content and subsequently register for the products or services on offer. However, we neither represent nor endorse these services, brands, or companies. Therefore, any disputes that may arise with the mentioned brands or companies need to be directly addressed with the respective parties involved. We urge our readers to exercise their own judgement when clicking on links within our content and ultimately signing up for any products or services. The responsibility lies solely with them. Please read our full disclaimer and terms of use policy here.