April 23rd, 2023
FilDA, a multi-chain lending protocol, was attacked earlier today on the Elastos Smart Chain (ESC) and REI Network, resulting in a loss of approximately 700K USD. No other FilDA deployments have been affected.
The vulnerability has been identified and the attack vector isolated. However, ESC and Rei FilDA platforms have been halted and will only be reinstated after a thorough review of the ongoing situation.
We became aware of the potential platform exploit in the early hours of this morning and we continue to analyze the on-chain activity by working alongside CEX, security and ecosystem partners to help trace and monitor these addresses. The addresses discovered received funds from a wallet which has been identified to have interacted with CEX accounts; we have discovered links to IP addresses too. As a result, we are now working with security firms to trace the hacker.
Considering the gravity of the situation, we will ask law enforcement to pursue the case. We encourage affected users to contact their local law enforcement too so they are aware of the theft.
Please be assured that we will continue to share information with the community as the investigation progresses. Following our initial response to the exploit a plan of action will be formulated and this will be shared in due course.
Thank you for your patience at this time and we’re truly sorry for the disruption this has caused for our users.
FilDA Team
Further information
Hacker's Address: 0x7Bb3E4261043e022A50725293cB26aC3Abe9BAE5
Funding Path
0xff1Dc6c870106cF56D20c4232Adc6c8F4d612324 =>
0x7315D64fC06B155Bd44D22e49Ad9D796aF61870F =>
0x7Bb3E4261043e022A50725293cB26aC3Abe9BAE5
Attack Process (Attack Transactions)
Deposit and borrow operations through abandoned 0 balance asset pools, and attacked after liquidation:
There are multiple similar operations:
https://esc.elastos.io/address/0x7Bb3E4261043e022A50725293cB26aC3Abe9BAE5/transactions
CEX Traces (CEX Tracing)
0xff1Dc6c870106cF56D20c4232Adc6c8F4d612324 (Fund source address has interacted with multiple exchanges.)
Withdrawn: from binance: https://bscscan.com/tx/0x3a6624c093c4bb3bb4e2fa654f13275fbde93da44952f4cf936062fb4f6d991d
https://bscscan.com/tx/0xcc180c0c6c6eadf26603625a1b37187938db81de59759ea7b82c755108acc5a6
Deposit to bybit arb network: https://arbiscan.io/address/0x699c482b0932d963077f59d5bcc6ff8985ea73e9
Deposit to bybit bsc network: https://bscscan.com/tx/0xb05dcdcc32151f911848b0390f00ead614d9ccb76017ab39e281deeaf46b2049
Sent to Kucoin: 150000 ELA: Kucoin address 0x0869720a6724dF422172845C779b39576Ee641Da
https://esc.elastos.io/tx/0xd78f561712660d9d9e102b4344971a805ec855b2e8728fbae7f77fb375d4fd24
https://esc.elastos.io/tx/0xde5fb17565f2233f5165a022cbb586bdcb6b9439e2491fa4541a7a6203621523
Hacker withdrawal transaction from HUOBI: https://www.hecoinfo.com/en-us/tx/0xf97f338170f53c8495aa2db21529203110a230532cba01f5a49d0de2887ef167
Hacker deposits to HUOBI transaction: https://www.hecoinfo.com/en-us/tx/0x392f0eaff008f0c713febaaa982e336671530eb2842af87eddae295dfdbc6800
Hackers withdraw funds from HUOBI to REI transactions: https://scan.rei.network/tx/0x994eb92c20b6261321217e37c6769c202ba60acbc9a011bd38940d1fb1d72903
Hacker address: 0x7Bb3E4261043e022A50725293cB26aC3Abe9BAE5
Huobi address: 0x6F7570cce251C78d7Dfc76D34118c8AbA4E4C4ce
Money Laundering
Crosschain to ETH has 200,000 ELA: https://esc.elastos.io/tx/0x7dd56598cbe42ba07b2bdb4d4e4bc12c8519fa7be1cffbb9e6a3ff55aec69911
Crosschain to BSC has 80000 ELA: https://esc.elastos.io/tx/0x99ec0bf601936a423dcc45cfca789dce70ed685419dfcd22f287c2eb081f7710
Address of stolen funds
76000 ELA in ESC: https://esc.elastos.io/address/0x3ec6A372352A47177D02dB8632D86f3B8847a550/transactions
50000 ELA in ESC: https://esc.elastos.io/address/0x8782163068c7cd74D2510768a61135C1e4Eb07b3/transactions