FilDA Incident: Community Update

Summary

1. Compromised funds: 1,677,000 USD (but could reach up to 2 million USD)

Compromised funds

Compromised Assets:

  • USDC 279,341
  • HUSD 721,673.8
  • BUSD 440,158.353
  • BTC 4.402465184
  • ETH 17.91882523
  • 703,266.3649 DAI
  • 80.4495 ETH
  • 0.6505 HT
  • 24,975 ELA
  • 21,713.1623 ELA
  • 18.9021 ELA
  • 0.6 ETH
  • 0.1286 BNB

Attack analysis

Attacker address: 0x4a9a0cC103199F67730bdC61337d192788858874

  1. The underlying token is borrowed via a flashloan.
  2. The borrowed token is then deposited into the protocol via the callback function, which is controlled by the attacker. A large number of extra fTokens are minted at this step.
  3. The borrowed token is returned to the protocol via a flashloan callback, but a large number of fTokens remain with the attacker.
  4. Most of the cash in the lending pool is redeemed.
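
The sequence in steps 1 to 3 and the effect of a reentrancy lock on the deposit path, as an added toy model in Python. It is not FilDA's contract code and not the post-mortem's root cause: the `Pool` class, the pool sizes, and the two accounting rules marked as assumptions in the comments are constructed for illustration.

```python
class Reentrancy(Exception):
    """Raised when a guarded entry point is called while the lock is held."""

class Pool:
    def __init__(self, cash, ftokens, guarded):
        self.cash, self.ftokens = cash, ftokens  # underlying held, fToken supply
        self.guarded = guarded                   # True enables the reentrancy lock
        self.locked = False
        self.balances = {}                       # account -> fTokens

    def deposit(self, who, amount):
        if self.guarded and self.locked:
            raise Reentrancy("deposit while a flash loan is open")
        # Assumption: mint at the rate implied by the pool's live cash balance.
        minted = amount * self.ftokens // self.cash
        self.cash += amount
        self.ftokens += minted
        self.balances[who] = self.balances.get(who, 0) + minted
        return minted

    def flash_loan(self, amount, callback):
        saved = (self.cash, self.ftokens, dict(self.balances))
        self.locked = True
        try:
            self.cash -= amount       # funds leave before the callback runs
            callback(self, amount)    # borrower-controlled code
            # Assumption: repayment is judged only by the cash balance.
            if self.cash < saved[0]:
                raise RuntimeError("flash loan not repaid")
        except Exception:
            # Model an on-chain revert: undo every state change.
            self.cash, self.ftokens, self.balances = saved
            raise
        finally:
            self.locked = False

def deposit_in_callback(pool, amount):
    """Constructed borrower callback: deposits the borrowed amount into the pool."""
    pool.deposit("borrower", amount)

def run(guarded):
    """Return (outcome, fToken supply, borrower's fTokens) for one flash loan."""
    pool = Pool(cash=1000, ftokens=1000, guarded=guarded)
    try:
        pool.flash_loan(900, deposit_in_callback)
        outcome = "accepted"
    except Reentrancy:
        outcome = "rejected"
    return outcome, pool.ftokens, pool.balances.get("borrower", 0)

if __name__ == "__main__":
    print("unguarded:", run(False))
    print("guarded:  ", run(True))
```

Without the lock, the loan closes with the pool's cash unchanged but the fToken supply inflated; with it, the nested deposit reverts and supply stays where it started.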
  1. We are putting out a $100K bounty for the first person or team that helps return the funds.
  2. Please do not doxx the attacker in the process.

Steps taken

  1. All deposits and borrowing are suspended. Bridges to/from ESC are currently suspended. We are proposing to use HECO DAO and Elastos DAO to help track the lost funds.
  2. The root cause has been identified by the dev team and Slowmist. A post-mortem will be released soon. We are discussing potential plans to reopen the market on ESC following consultation with our security partners and the community.
  3. Losses and affected users are being counted. A remediation plan is being drafted.
  4. To avoid further losses, we will suspend interest calculation and will not carry out additional liquidation of high-debt assets. We plan to suspend all operations of FilDA (including withdrawal and repayment) for a snapshot at 5:00 AM UTC on April 15th. After the information and data are processed and security is confirmed, the platform will be able to gradually return to normal. We are aiming for this to be as soon as possible.
