According to information provided by the team at EasyFi, it was reported that the hackers used a MetaMask attack to steal funds worth Millions of dollars by gaining illegal access to the network’s official wallet.
CEO of EasyFi, Ankitt Gaur, said that the hackers managed to hack into his computer, then proceeded to compromise the MetaMask browser extension to gain access to the EasyFi admin account on MetaMask, successfully acquiring sensitive private keys.
Gaur wrote in his statement that this attack was planned remotely, which lead to the drainage of precious liquidity from the protocol. Taking advantage of the private keys, the hacker managed to access EasyFi’s liquidity pools and acquired around $6 Million. In addition to the LP drain, the hacker also stole around $75 Million worth of EASY tokens. Gaur continued by mentioning that the compromised funds from LP were sent to an Ethereum address named Reb Bridge, then were converted and transferred to a bitcoin address. As for the tokens, they are still present on that specific Ethereum address.
EasyFi has issued an official announcement warning its users not to use any sorts of contracts related to the EASY token and must also refrain from storing any liquidity in DEXes. For now, the team at EasyFi is going to implement a hard fork in hopes of recovering the lost funds.
This is indeed one of the worst incidents that the DeFi-based project has had to face. Statistical data from sources show that the loss in Millions has definitely hurt the economy of EasyFi, dropping the price of its EASY token from $25 to $16.8.
The surprising thing is that this is not the first time that the project has faced a MetaMask attack. Back in December of 2020, the MetaMask browser extension was targeted, in which hackers managed to display a fake prompt to the founder of Nexus Mutual, tricking him into transferring more than $8 Million to the hacker.
This incident has put question marks on the security of the hot wallet used by the project, as people have started to express their anger and frustration on EasyFi. Crypto researcher Chris Blec mentioned several issues of EasyFi in his tweet, stating that this incident has highlighted the poor security solution for the admin key and the team at EasyFi has made a huge mistake for relying on a hot wallet, which has a track record of getting hacked and using it for official transactions.