EasyFi, a layer 2 DeFi lending protocol, undergoes a hack to the tune of $6 million from protocol pools in USD/DAI/USDT. Founder and CEO, Ankitt Gaur addressed the incident on Twitter. He stated that:
On Monday, 19th April 2021 our team members reported the transfer of a large amount of EASY and protocol funds from designated contracts & wallets. initial investigation revealed the possibility of compromise of mnemonic phrase.
In a post mortem of the security incident, he further provided details about the hack. Large transfers of EASY tokens from EasyFi official wallets to some unknown wallets on ethereum network and polygon network were flagged by the team members on Monday. These transactions meant a possible compromise of admin keys or mnemonic keys “since the machine used for the purpose was not in use for at least a week and was completely offline.”
Before steps were taken to curtail the damage the hack caused, the hacker managed to get access to admin keys. The hacker had managed to steal about $6 million from protocol pools in USD/DAI/USDT and transfer 2.98 Million EASY tokens to wallet address: 0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37, which allegedly belongs to the hacker.
Ankitt Gaur further reassured community members that the team will be investigating it thoroughly.
He also added:
“We have contacted Binance and AscendEx teams who have assisted us with suspending withdrawals/deposits of EASY tokens. The hacker has not actually moved the tokens from the wallet due to that and is not able to sell any significant amount on DEXes due to liquidity constraints.”
Subsequently, the official Twitter page of the project further warned users.
As mentioned earlier, users are requested NOT to interact with ANY of the contracts including $EASY token contract. Abstain from keeping any liquidity in DEXes.
We are in process of implementing an EASY token Hard Fork!
— @easyfi.network (@EasyfiNetwork) April 20, 2021