Hackers steal 3000 ETH from Roll, causing social token price dumps of nearly -100%
Several coin's prices nearly dumped to zero following the attack.
This Monday, hackers have stolen at least 3000 ETH ($5.7 million) after breaching the security of Roll, a blockchain ecosystem for the issuance of social tokens and NFTs (non-fungible tokens).
Around 3:30 EST, Roll reported suffering a security breach on its platform. Accordingly, a hacker managed to compromised Roll’s private keys to its hot wallet. The attacker drained all the tokens from the wallet and later sold them on Uniswaps for ETH.
“Today we messed up”
The platform stated “there is no further action at this stage”, adding that withdrawals of all social tokens are suspended. Users will not be able to withdraw until developers relocate the hot wallet.
Likewise, third-party auditors will help the platform reinforce its security, and developers will also run a forensic analysis to figure out how the attacker stole the key.
Many community creators said they lost most of their funds due to the attack. Roll will try to compensate the most affected users with a $500,000 fund to help affected users. But some creators are expecting a full refund:
500,000$ fund? I’m a creator and our community just lost EVERYTHING. The $PICA just went to 0… I lost like months of salary. As smaller creative communities we just expect more than this. Hoping for a full refund. Confidence there will be seriously damaged either way
Nearly -100% dumps in price
The attack caused a harsh collateral effect on social tokens, leading several coins to massive price dumps. Some tokens even plunged by nearly 100%. The most affected were PICA (-99.6%), WHALE (-99.3%), and RARE (-87.5).
Seems there was some sort of widespread hack/compromise across various social coins, leading to a massive dump. pic.twitter.com/45Cgca33Ap
— MyCrypto.com (@MyCrypto) March 14, 2021
But according to Barthazian.eth, the hacker even managed to mint social tokens before executing his attack, draining ETH in several pools.
looks like a bunch of social token pools were just drained . attacker somehow mint or sent a bunch of an assorted number of social tokens from https://t.co/IavonekfS0
total 2600ish eth drained across several pools. $whale $julien $fynn $alex
— barthazian.eth (@Barthazian) March 14, 2021
The founder of WHALE, one popular social token, confirmed the attack via Twitter. At least 2.17% of WHALE was compromised, but most assets remain secured in cold storage
1/2
Based on information that we have currently:
1, 2.17% of $WHALE was compromised through a hack on our social token issuer's hot wallet.
2, All other $WHALE including community distributions are fully secure in cold storage, including the $WHALE Vault
— WhaleShark.Pro (@WhaleShark_Pro) March 14, 2021
Despite the large price dump, WHALE managed to surge within a few hours thanks to community support. The token surged from 3$ to nearly 30$. After WHALE managed to get back on its feet, the founder said they are exploring new and better security measures to avoid such attacks in the future:
“We will be reviewing through all our security measures and protocols moving forward and more importantly, holding our partners to those very same standards. While nobody saw this coming, this could have been avoided. We can and will do better.“
According to MyCrypto, the attacker is currently sending hundreds of ETH using Tornado Cash, a tool that provides transaction privacy by breaking the on-chain link between the source and destination addresses. Hackers frequently use this tool to cover their transaction data.
Oh and that 40 ETH payout was just one line of many on that TX.
The account that executed these TXs is sending out 100s of ETH into @TornadoCash as we speak.https://t.co/08nW0fRBT6 pic.twitter.com/nHOmTQN4Fc
— MyCrypto.com (@MyCrypto) March 14, 2021
Explore all social tokens and NFT coins on CryptoSlate.