EasyFi lost over $80 million in MetaMask attack.
The CEO stated that hackers have compromised the MetaMask browser extension by hacking into his computer.
EasyFi Network reported that an unknown hacker stole tens of millions of dollars worth of funds from its wallet.
Founder and CEO Ankitt Gaur confessed in a blog that the hacker has compromised private keys to EasyFi’s admin account around 10:40 AM UTC last April 19.
With the use of the compromised private key, the hacker drained $6 million from EasyFi’s stablecoin liquidity pools. They then stole another 2.98 million EASY tokens worth $75 million during the hack.
Gaur further elaborated that the hackers compromised the MetaMask browser extension by hacking into his computer.
Funds that have been drained from liquidity pools were sent to Ren Bridge on Ethereum, converted into 123 Bitcoin, and sent to this Bitcoin address. Concurrently, the stolen EasyFi tokens sit at the hacker’s Ethereum address.
Commentators from social media criticized EasyFi for using a hot MetaMask wallet for managing its smart contract.
The incident is not the first time a noteworthy DeFi project has been sabotaged with the use of MetaMask wallet.
Last December 2020, a fake MetaMask popup was used to trick the founder of Nexus Mutual into transferring over 8 million to a hacker. In both cases, the MetaMask web extension was altered with the machine’s disk.
EasyFi has requested their users not to interact with its token contracts and withdraw all the liquidity in different DEXes.
The team has been planning to implement an EASY token hard fork to recover the stolen funds. For the meantime, exchanges have suspended withdrawal and deposit of EASY tokens for now.
The hack has harmed the value of EASY tokens, with the price tumbling from $25 to $16.82 as of now.
📣 Cryptonetwork.News is now on Telegram. Click here to join our channel and stay updated with the latest Cryptocurrency, Blockchain, and Cryptomining headlines