The platform has released a postmortem detailing the attack received. EasyFi has been the latest decentralized finance (DeFi) protocol to suffer at the hands of hackers.
Today, April 20, Ankitt Gaur, founder and CEO of the EasyFi DeFi protocol, detailed in an article an attack that resulted in the loss of up to $ 6 million from its liquidity pools.
The raid, which occurred on April 19, was a targeted attack that compromised administrative and mnemonic keys, which allowed the hacker to access funds and seize almost 3 million EASY tokens.
“We have obtained validation of the initial reports on the attack directed at the founder / MetaMask computer to access the administration keys and execute the well-planned hack.”
Targeted DeFi hack
Gaur stated that he was alerted to large protocol wallet transactions. The hacker accessed the liquidity of the USD, DAI and USDT protocol pools and transferred 2.98 million EASY tokens to your wallet address.
He added that EasyFi’s smart contracts were not compromised; was a mnemonic hack aimed at Gaur’s computer using a planned remote attack to access MetaMask.
“Since the machine is not used for day-to-day operations and is used only for official transfers, the hacker waited for the right moment to execute the hack in a well-planned manner.”
Gaur stated that most of the MetaMask attacks attempt to obtain the private keys or passphrases. However, in this case, the computer was compromised and wallets accessed from hard drive.
He added that the tokens had not yet been sold due to liquidity constraints. Gaur offered a reward of one million dollars if the hacker returned all of the pools.
The incident reinforces the argument that DeFi protocols are not entirely decentralized if the “CEO” still has all the keys. It is similar to the hack suffered by Hugh Karp, founder of Nexus Mutual, in December 2020, with the difference that the $ 8 million was withdrawn from Karp’s personal wallet and not from the protocol.
EasyFi is a Layer 2 DeFi lending protocol designed for digital assets powered by the Polygon network (formerly known as Matic). It was launched on Binance Smart Chain in early April and partnered with PancakeSwap to create yield farming incentives.
EASY token price drop
EasyFi’s native token plunged nearly 50% when the news broke, falling from about $ 26 to $ 13.50 in less than 24 hours.
When the article was written, EASY had recovered slightly and It was trading at $ 17.65.
The EasyFi Network post details a $ 6 million dollar DeFi hack was first seen on BeInCrypto.