Fantom Foundation hot wallet hacked for $550K
The Fantom Foundation lost $550,000 worth of cryptocurrency through a vulnerability in the official Fantom wallet.
The Fantom Foundation, the developer of the Fantom network, has been hacked for over $550,000 worth of cryptocurrency. The foundation confirmed the attack on X, claiming that most of the funds stolen belonged to other users and that 99% of the foundation’s funds remain safe. The team is currently investigating the attack, it stated.
Blockchain security researchers initially reported that the attacker stole approximately $7 million in crypto. The Fantom Foundation later released an official statement saying that some of the wallets labeled “Fantom: Foundation wallet” were mislabeled by block explorers and that not all the stolen funds were from the foundation. According to the team, some of the wallets impacted initially belonged to the foundation but had since been reassigned to a Fantom employee and were no longer holding company funds. The team is currently investigating the attack in an attempt to determine how the wallets were compromised.
The Fantom Foundation is the developer behind the Fantom network, an Ethereum Virtual Machine-compatible smart contract platform. The network has over $45 million in assets locked within its contracts, according to DefiLlama. The attack was against the foundation and other Fantom wallet users, not against the Fantom network.
total attacker profit (may not all necessarily be from fantom or related wallets) seems to be ~$6.7m pic.twitter.com/0rkDHULsdI
— Spreek (@spreekaway) October 17, 2023
On Oct. 17, on-chain sleuth Spreek reported on X that the foundation was “allegedly” attacked, based on a report from Telegram. They later listed the hacked wallets and estimated losses at $6.7 million, but also stated that the drained funds may have included other sources outside the Fantom Foundation.
Blockchain security platform CertiK confirmed that the foundation had been hacked. It initially estimated losses at $657,000 but later updated this figure to approximately $7 million. Delving into the blockchain data shows that an account labeled “Fantom Foundation Wallet 1” by Etherscan sent over 2,000 CVX, 1,000 Dai (DAI), 4,500 USD Coin (USDC) and other tokens to a wallet labeled “Fake_Phishing188024.” In addition, an account labeled “Fantom Foundation Wallet 20” by the Fantom network block explorer sent over 1 million FTM (FTM) to an account labeled “Fake_Phishing32.” When a development team sends funds to a known scam account, this generally indicates that the team’s private key has been stolen.
Update October 17, 6:40 pm UTC: This article has been updated to include an official statement from the Fantom Foundation on X.
Update October 17, 5:55 pm UTC: This article has been updated to show that CertiK increased its estimate of total losses and to provide statements from a Fantom Telegram group admin.
This is a developing story, and further information will be added as it becomes available.