Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Analysis » EasyFi Hacked for Over $80 Million in MetaMask Attack

EasyFi Hacked for Over $80 Million in MetaMask Attack

by

CEO said hackers compromised the Metamask browser extension by hacking into his computer.

Personal Tokens Crash as Roll Suffers Nearly $6M Hack
Shutterstock cover by Makstorm

Key Takeaways

  • EasyFi CEO said that private keys to the project's admin MetaMask account had been compromised.
  • Using the compromised private key, the hacker drained $6 million from EasyFi's stable coin liquidity pools.
  • Hacker additionally stole 2.98 Million EASY tokens worth $75m at the time of the hack.

Share this article

EasyFi Network, a Layer-2 DeFi project on Polygon Network, reported that an unknown hacker stole tens of millions of dollars worth of funds from its official wallet.

Admin MetaMask Wallet Compromised 

Founder and CEO Ankitt Gaur admitted in a blog that the hacker compromised private keys to EasyFi’s admin MetaMask account around 10:40 AM UTC on Apr. 19.

“Mnemonic phrase/admin keys were compromised from the MetaMask under a planned remote attack which was used to drain liquidity from the protocol,” Gaur wrote.

Using the compromised private key, the hacker drained $6 million from EasyFi’s stablecoin liquidity pools. They additionally stole 2.98 million EASY tokens worth $75 million at the time of the hack.

CEO Gaur further explained hackers compromised the Metamask browser extension by hacking into his computer.

“My computer was compromised, and Metamask was altered from the disk.”

Funds drained from liquidity pools were sent to Ren Bridge on Ethereum, converted into 123 Bitcoin, and sent to this Bitcoin address. Meanwhile, the stolen EasyFi tokens sit at the hacker’s Ethereum address.

Commentators on social media criticized EasyFi for using a hot MetaMask wallet for managing its smart contract.

https://twitter.com/ChrisBlec/status/1384327450084118529

This incident is not the first time a noteworthy DeFi project was sabotaged using MetaMask wallet.

In December 2020, a fake MetaMask popup was used to trick the founder of Nexus Mutual into transferring more than 8 million to a hacker. In both cases, the MetaMask web extension was altered through the machine’s disk.

EasyFi has requested users not to interact with its token contracts and withdraw all liquidity in various DEXes.

The hack harmed the value of EASY tokens, with price tumbling from ~$25 to $16.82 at the time of writing, as per CoinGecko.

Update: EasyFi Network has conducted a hard fork, and created a new token contract in an effort to compensate users affected by the hack. The team has also changed the ticker symbol of tokens from EASY to EZ. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.