Key takeaways:
- Following a $550,000 attack in October, the Fantom Foundation, a nonprofit creating the Fantom blockchain network, has fixed a significant vulnerability.
- The Fantom Foundation claims that the hacker may have been able to steal $170 million by using the wallet access due to the vulnerability that was found.
Following a $550,000 attack in October, the Fantom Foundation, a nonprofit creating the Fantom blockchain network, has fixed a significant vulnerability.
One percent of the Fantom Foundation’s funds were stolen in a hot wallet hack that occurred on October 17 by an unidentified attacker. It was later determined to be a “targeted attack” because the foundation transferred some of the compromised wallets to a Fantom employee and ceased using them.
According to a blog post on November 20, after the incident, an anonymous security researcher discovered another possible risk connected to the attack and informed the Fantom Foundation.
A dormant admin token for Fantom’s ERC-20 FTM contract was linked to the vulnerability, which may have given the attacker the opportunity to mint some Fantom tokens on Ethereum for themselves.
The Fantom Foundation claims that the hacker may have been able to steal $170 million by using the wallet access due to the vulnerability that was found.
According to the organization, the possible loss’s worth is determined by the token’s price at the moment of the hack:
“though this estimate does not consider the market’s insufficient liquidity to absorb the tokens fully.”
The Fantom Foundation gave the unidentified researcher a $1.7 million award in appreciation for their effort, stating that the vulnerability was “mitigated quickly.” The statement also noted:
“The Fantom Foundation is dedicated to upholding the highest security standards for our platform, and we remain grateful for the security researchers who contribute to this effort.”
The Fantom token has increased over the last four weeks, even though the Fantom Foundation lost half a million due to a hack one month ago.
There have been prior attacks on the Fantom Foundation and its users prior to the most recent $550,000 hack. A significant multichain bridge attack occurred on Fantom in July 2023, costing the company $126 million in bitcoin.
The creator of Fantom, Andre Cronje, later stated that Multichain, which shut down in the middle of July 2023, misled the Fantom team about its accurate security level.
