FilDA Incident: Community Update


Compromised funds

  • USDC 279,341
  • HUSD 721,673.8
  • BUSD 440,158.353
  • BTC 4.402465184
  • ETH 17.91882523
  • 703,266.3649 DAI
  • 80.4495 ETH
  • 0.6505 HT
  • 24,975 ELA
  • 21,713.1623 ELA
  • 18.9021 ELA
  • 0.6 ETH
  • 0.1286 BNB

Attack analysis

  1. The underlying token is borrowed via a flashloan.
  2. The borrowed token is then deposited into the protocol via the callback function, which is controlled by the attacker. Lots of extra f tokens are minted at this step.
  3. The borrowed token is returned to the protocol via a flashloan callback, but lots of fTokens are left to the attacker.
  4. Most of the cash in the lending pool is redeemed.
  1. We are putting out a $100K bounty for the first person or team that helps return the funds.
  2. Please do not doxx the attacker in the process.

Steps taken

  1. All deposits and borrowing are suspended. Bridges to/from ESC are currently suspended. We are proposing to use HECO DAO and Elastos DAO to help track the lost funds.
  2. The root cause has been identified by the dev team and Slowmist. A post-mortem will be released soon. We are discussing potential plans to reopen the market on ESC following consultation with our security partners and the community.
  3. Losses and affected users are being counted. A remediation plan is being drafted.
  4. In order to avoid further losses, we will suspend interest calculation and will not carry out additional liquidation of high-debt assets. We plan to suspend all operations of FilDA (including withdrawal and repayment) for snapshot at 5:00 AM UTC on April 15th. After the information and data is processed, and security confirmed, the platform will be able to gradually return to normal. We are aiming for this to be as soon as possible.




FilDa is your portal into the next wave of decentralized finance.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Reading List: Useful websites for Network Engineering

G-D-P-R U Ready for a Revolution?

The Dark Web: The Internets Evil Twin


Unique Authentication Methods for Supply Chains

Cross Site Request Forgery( CSRF) mitigation — Using Synchronization Token Pattern

Expanding Desmos Validator Community

Your Right to Privacy vs. Innovation

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


FilDa is your portal into the next wave of decentralized finance.

More from Medium

Token Talk 1: Token Utilities

MVSFI — Decentralized Spot Trade Tutorial on BSC

Monsoon Finance announces its launch on Avalanche, an EVM-compatible blockchain network.

Sentre Protocol Won Wormhole Silver At Convergence Hackathon