Key Takeaways:
- Today Dego Finance, a cross-chain NFT+DeFi protocol got hacked.
- Dego Finance addresses providing liquidity on Uniswap and PancakeSwap was hacked.
Today Dego Finance, a cross-chain NFT+DeFi protocol, got hacked. Dego Finance addresses providing liquidity on Uniswap, and PancakeSwap was hacked. The DEGO pair provided by the team was exhausted. The team has teamed up with major exchanges such as Binance to close DEGO deposits.
Dego Finance even Tweeted about it. They informed their users through the tweet below:
Dego Finance requested other exchanges to do the same so that the hacker could not cause any damage. They will keep all stakeholders updated on the latest developments and talk to reputable security teams on how to identify the hacker and retrieve loss. Dego Finance asked the hacker to come forward and communicate.
According to PeckShield the exploiters withdrew more than $10 million from Dego Finance & CocosBCX. At the time of writing the illegal assets were here ETH&BSC: 0x118203b0f2a3ef9e749d871c8fef5e5e55ef5c91.
According to DEGO finance medium, DEGO detected abnormal change of DEGO price on DEX and centralised exchange too. The team looked into this anomaly and quickly concluded there has been a well-organised hacking event from approx 11:29 PM UTC on 9th Feb 2022 targeting DEGO team addresses hosting DEGO tokens and DEX liquidity (DEGO/ETH, DEGO/BNB).
The hacker drained DEGO pairs liquidity provided by the team on UniSwap and Pancake Swap, subsequently stealing 2613.40 BNB, 378.76 ETH and 492,316.41 DEGO tokens. The hacker also hijacked DEGO’s Minting contract and minted a total of 1,185,164.71 DEGO tokens.
For ETH and BNB tokens the hacker used Tornado Cash to mix funds. For DEGO tokens the Hacker liquidated 1,288,233.59 DEGO tokens through an instant exchange service (DEGO Price fell by 12.90% from $4.42 — $3.85 by 12 PM UTC 9th/Feb/2022), which operates accounts on centralised exchanges and offers No-KYC service.
Some of the proceeds were converted to BTC and XMR and sent to the following addresses:
- bc1qtjy0gy0s4pkhf0xs9lu5xqx9zn9f7p0awmc3zg
- bc1qr3cvm5a7m8azxj8605e45enehfkm0y9yvnhrs4
- bc1qm049eph90d9dtkt4g4xcsazerz5kpc0daah6fc
- bc1qf3w6ce6hafpcf4r4kkksq5g9880epa5prpm5qu
- bc1qn0z2zl6fxgdlyuq4e9fvka8qa629vfaejz56wx
- bc1qgv83kgj5ceggy9v52p6938c42steredc0d6734
- bc1q8n2djszhxzlpex7tnty92wk3vwwfqxkpayt8jc
- 48zy6ydcdqgDHD7ULVpWN5HRUgYm33ee7jG4Tu6bp7qeST33iH2Ch88YRq3noAJSG88kSuvBF16PfiZtQZwGrsdJALQhpJF
After going through all team addresses, DEGO rescued a good amount of DEGO tokens and stored them somewhere safe. They engaged SlowMist and Certik teams for professional advice and solutions. DEGO Finance even worked with the EtherScan team and some of the hacker’s addresses have been marked.
The addresses marked were 0x118203b0f2a3ef9e749d871c8fef5e5e55ef5c91 and 0xC1259239d6faE6EEff783C02D2fFAB0841219B4e. A total of 602,562.35 DEGO tokens are still in the hacker’s possession but cannot be liquidated in major exchanges since the lockdown. They thoroughly examined on-chain and exchange records to keep traces of funds and to identify the hacker.
