FilDA Exploit Statement

2 min readApr 23


April 23rd, 2023

FilDA, a multi-chain lending protocol, was attacked earlier today on the Elastos Smart Chain (ESC) and REI Network, resulting in a loss of approximately 700K USD. No other FilDA deployments have been affected.

The vulnerability has been identified and the attack vector isolated. However, ESC and Rei FilDA platforms have been halted and will only be reinstated after a thorough review of the ongoing situation.

We became aware of the potential platform exploit in the early hours of this morning and we continue to analyze the on-chain activity by working alongside CEX, security and ecosystem partners to help trace and monitor these addresses. The addresses discovered received funds from a wallet which has been identified to have interacted with CEX accounts; we have discovered links to IP addresses too. As a result, we are now working with security firms to trace the hacker.

Considering the gravity of the situation, we will ask law enforcement to pursue the case. We encourage affected users to contact their local law enforcement too so they are aware of the theft.

Please be assured that we will continue to share information with the community as the investigation progresses. Following our initial response to the exploit a plan of action will be formulated and this will be shared in due course.

Thank you for your patience at this time and we’re truly sorry for the disruption this has caused for our users.

FilDA Team

Further information

Hacker's Address: 0x7Bb3E4261043e022A50725293cB26aC3Abe9BAE5

Funding Path

0xff1Dc6c870106cF56D20c4232Adc6c8F4d612324 =>

0x7315D64fC06B155Bd44D22e49Ad9D796aF61870F =>


Attack Process (Attack Transactions)

Deposit and borrow operations through abandoned 0 balance asset pools, and attacked after liquidation:

There are multiple similar operations:

CEX Traces (CEX Tracing)

0xff1Dc6c870106cF56D20c4232Adc6c8F4d612324 (Fund source address has interacted with multiple exchanges.)

Withdrawn: from binance:

Deposit to bybit arb network:

Deposit to bybit bsc network:

Sent to Kucoin: 150000 ELA: Kucoin address 0x0869720a6724dF422172845C779b39576Ee641Da

Hacker withdrawal transaction from HUOBI:

Hacker deposits to HUOBI transaction:

Hackers withdraw funds from HUOBI to REI transactions:

Hacker address: 0x7Bb3E4261043e022A50725293cB26aC3Abe9BAE5

Huobi address: 0x6F7570cce251C78d7Dfc76D34118c8AbA4E4C4ce

Money Laundering

Crosschain to ETH has 200,000 ELA:

Crosschain to BSC has 80000 ELA:

Address of stolen funds

76000 ELA in ESC:

50000 ELA in ESC:




FilDa is your portal into the next wave of decentralized finance.