The Incident
At 03:33:53 UTC on April 2nd an incident occurred on Binance Smart Chain where an attacker managed to mint additional SOUL and KCAL tokens. The amounts represented <1% additional supply of SOUL and >1*10^9 times the supply of KCAL on BSC.
The attacker proceeded to cross-chain swap parts of this to the Ethereum blockchain (500k SOUL and 20M KCAL) and used the tokens to extract liquidity (BNB and ETH) from the SOUL and KCAL pools on Uniswap and PancakeSwap equivalent to a total fiat value of approximately $1.2M. In addition, 185 BNB was drained from the compromised smart contract address.
The extracted BNB and ETH has been funneled in batches through Tornado Cash making it exceedingly difficult to trace.
The attacker’s main addresses;
- Binance Smart Chain: 0x82ec6e975c1f0eb596f324b4f6562c33cc5b861b
- Ethereum: 0x82ec6e975c1f0eb596f324b4f6562c33cc5b861b
The Cause
The root cause for the exploit on Binance Smart Chain was a compromised private key providing access to a single smart contract on Binance Smart Chain. The incident has been thoroughly analyzed by the team, including the source of the private key / how it was generated years ago.
The investigation showed that the private key had been generated using a flawed cryptographic algorithm which used the timestamp of its creation as a determining factor for the private key being generated. Hence, if an attacker was able to assess approximately when a private key was generated (for example based on initial wallet activity), it would be theoretically possible to brute force the private key.
All other private keys have been verified to not be vulnerable, hence this attack vector currently does not exist on either Phantasma’s blockchain or auxillary systems like cross chain asset swaps or token variants on other blockchains.
Initial Mitigation
The attacker’s minting of additional tokens on Binance Smart Chain was discovered by the team within approximately 20 minutes. Calls to action across continents to core team members immediately went out, and within approximately 10 minutes cross-chain swapping of assets had been disabled and Phantasma RPCs set to read-only mode to limit the attacker’s ability to cause additional damage. Four hours later both SOUL and KCAL token contracts across Ethereum and Binance Smart Chain were paused, effectively disabling trading on the decentralized exchanges Uniswap and PancakeSwap. The first of multiple incident announcements was published to our community around the same time.
After thorough verification that no Phantasma servers had been breached and that the Phantasma mainnet was not affected by the incident, Phantasma RPCs resumed normal operations the next day, April 3rd.
Calls to liquidity providers on Uniswap and PancakeSwap to coordinate removal of remaining liquidity for pools using the old contracts went out across socials on April 4th, and liquidity providers who verified ownership of a wallet providing liquidity on Uniswap / PancakeSwap were invited to a restricted channel on Discord where liquidity removal has been coordinated through multiple sessions lasting a few minutes each time to accommodate various time zones, and the majority of the remaining liquidity across all DEX pools has been successfully withdrawn.
The cross-chain liquidity incentivization dApp Phantasma Pharming was reactivated on April 4th to enable liquidity providers to claim rewards earned before the incident.
Cross-chain asset swapping between the Phantasma mainnet and Neo resumed on April 4th enabling mainnet token holders to trade SOUL on centralized exchanges and those holding tokens on centralized exchanges to cross-chain swap and stake their SOUL on the Phantasma mainnet.
Migration Preparation
With a compromised smart contract on Binance Smart Chain and skewed token balances after the attack, new swap smart contracts as well as new token contracts and a migration smart contract were all prepared to enable token holders to safely migrate their assets on Ethereum and Binance Smart Chain. The new token contracts were based on a twice audited smart contract template previously used by GhostMarket to deploy their $GM token.
- New token smart contracts for Ethereum and Binance Smart Chain
- CertiK audit of the smart contract template
- Migration Smart Contract on the Ethereum Ropsten testnet
In parallel with this, a migration dApp was coded to enable safe and easy migration to the new token smart contracts.
To reimburse liquidity providers and traders affected by the incident, as well as enabling all token holders to claim correct amounts of new tokens, the following operations were undertaken:
- Ethereum and Binance Smart Chain snapshots of SOUL and KCAL balances were taken at the last block before the attacker’s first trade on Uniswap and PancakeSwap (Snapshots: Ethereum block height 14504583, Binance Smart Chain block height 16584715)
- Ethereum and Binance Smart Chain snapshots were taken of LP NFT data for Uniswap and LP token holdings for PancakeSwap at the last block before the attacker’s first trade on Uniswap and PancakeSwap
- Ethereum and Binance Smart Chain snapshots were taken of LP NFT metadata for Uniswap and LP token holdings for PancakeSwap at a block height after token contracts were paused
- Public addresses that withdrew their provided liquidity from Uniswap and PancakeSwap between the time of the incident and when the token contracts were frozen were collected
- All trading data for Uniswap and PancakeSwap from the time of the incident until the token contracts were paused was fetched from Ethereum and Binance Smart Chain
- The mathematical algorithms used by our cross-chain liquidity incentivization protocol Phantasma Pharming was adjusted and applied to the LP NFT metadata and LP token balances to assess both initial balances held in the Uniswap and PancakeSwap pools before the incident and the amount of ETH and BNB drained from each individual liquidity provider
- All trading data was analyzed to assess net buying and selling activities as well as amounts spent or gained through trading during this period
- The liquidity provider data and trading data was then combined with the snapshot data of SOUL and KCAL balances held before the incident to calculate correct claimable amounts of SOUL and KCAL on the new contracts.
The above operations have been performed methodically and meticulously to protect our valued token holders and community members.
The Migration
With all calculations finalized and the data sets synthesized to produce final claimable amounts of tokens on the new smart contracts, the SOUL and KCAL smart contracts as well as the migration smart contract were all deployed to the Ethereum and Binance Smart Chain mainnets, with the migration dApp to be published as a subdomain of the Phantasma website on Wednesday April 27th
We recommend that all token holders migrate at their earliest convenience. There is no set end date for the migration, but there is no reason to delay the claiming of new, valid Erc20 and Bep20 SOUL and KCAL.
Contract Addresses
We recommend that everyone imports the new, valid smart contract addresses into your Metamask / Trust wallets.
Ethereum
- Ethereum SOUL token smart contract (Etherscan)
- Ethereum SOUL token smart contract hash: 0x75858677e27C930FB622759FeafFeE2b754Af07F
- Ethereum KCAL token smart contract (Etherscan)
- Ethereum KCAL token smart contract hash: 0x47C1178F49140ECdBfbdF0aE2935cDB640D579F9
Binance Smart Chain
- Binance Smart Chain SOUL token smart contract (BSCscan)
- Binance Smart Chain SOUL token smart contract hash: 0x298Eff8af1ecEbbB2c034eaA3b9a5d0Cc56c59CD
- Binance Smart Chain KCAL token smart contract (BSCscan)
- Binance Smart Chain KCAL token smart contract hash: 0x855EA8048E1852996429A50aBdA60F583909d298
Uniswap – PancakeSwap
Using the new token smart contracts, new pools have been created on Uniswap and PancakeSwap and initial seed liquidity has been provided. Please note that the old token contracts and liquidity pools on decentralized exchanges are deprecated and should never again be traded on.
Our Pharming dApp has been adjusted to reward liquidity providers on the new pools. In appreciation of the members of our community providing liquidity, and to help bootstrap healthy liquidity in the pools, Pharming rewards have been doubled for the next three months. This means that an additional 100,000 SOUL and 547,500 KCAL have been added from team reserves for a whopping total of 200,000 SOUL and 1,095,000 KCAL in the reward pools spread across the coming three months!
Read more about Phantasma Pharming, or browse the Pharming tutorial.
- SOUL/ETH pool on Uniswap
- SOUL/ETH trading on Uniswap
- KCAL/ETH pool on Uniswap
- KCAL/ETH trading on Uniswap
- SOUL/BNB pool on PancakeSwap
- SOUL/BNB trading on PancakeSwap
- KCAL/BNB pool on PancakeSwap
- KCAL/BNB trading on PancakeSwap
Cross-Chain Swaps
With new token contracts deployed on Ethereum and Binance Smart Chain, and migration ongoing, bidirectional cross-chain swapping of migrated SOUL and KCAL between the Phantasma mainnet and Ethereum / Binance Smart Chain will be enabled at the same time that the migration dApp goes live on Wednesday April 27th. Please note that as a matter of course, any attempt to cross-chain swap deprecated SOUL and KCAL will fail.
Everyone working with and for the growth of Phantasma would like to extend our heartfelt gratitude for the support and patience shown by our community and partners throughout the resolution of the incident. We are proud to call each and every person supporting Phantasma’s future growth part of our extended Phamily!
With Love and Dedication,
Your Phantasma Team
Leave A Comment