Phantasma has been attacked – and is still standing tall!
The Incident – A Targeted Attack
On April 28th, a second attack perpetrated by the same entity responsible for the April 2nd BSC exploit took place on the Phantasma mainnet. The attack appears to have been timed to coincide with the “All clear” announcement after the previous attack. There is a transactional link connecting the BSC attacker to the current attack:
Within 20 minutes of the announcement that migration of tokens to new token contracts on BSC and Ethereum was live, the attacker minted 10M SOUL through a code exploit. Of this, 4M SOUL was swapped to the Neo blockchain (see appendix for details). 1,293,586 SOUL was distributed to a total of 17 different Kucoin deposit addresses and immediately sold, while the remaining 2,706,414 SOUL is stored in a private wallet on Neo. It’s important to note that, during this attack, no token holders’ wallets were compromised and no token holders’ funds were stolen.
Disabling Cross-chain swaps and entering read-only
Because the team was on high alert after recent events and was monitoring on-chain and cross-chain activity, the incident was swiftly detected. Within approximately 10 minutes of the malicious exploit, all Phantasma nodes had entered read-only mode and cross-chain swaps had been disabled, ensuring that the attacker could not move additional funds.
At the same time, our Security Response Team reached out to all centralized exchanges (Kucoin, Gate, Hotbit, Bitbns, BKEX, Coinspot) to halt deposits of SOUL, providing them with proof of the exploit and a complete list of associated wallet addresses so that they could immediately suspend the associated user accounts.
By the time all exchanges had cooperated and closed deposits, the mentioned 1,293,586 SOUL had been sold through a multitude of separate Kucoin accounts. All 17 addresses used by the attacker to offload exploit tokens have had their associated user accounts frozen by Kucoin.
A police report with evidence of the exploit has been filed, and our long-standing relationship with Kucoin has ensured that Kucoin fully cooperates to ensure that the attacker cannot withdraw any ill-gotten gains that had not already been removed from the exchange prior to the user accounts being frozen.
Considering the dual attacks executed by a single entity, and the timing of the second attack to take place near immediately after the resolution of the first, there is every reason to believe that the attacker’s motive is to attempt to cause maximum damage to Phantasma’s reputation. Whether this is due to feeling threatened by Phantasma’s capabilities and potential in the blockchain technology sector – or if the attacker simply thrives on causing disruption – remains under investigation. We are cautiously optimistic that, based on the bread crumbs that have been left behind, we will be able to identify the persons behind the attacks. We are closely working with forensic experts, exchanges, and law enforcement agencies to close the net. If anyone provides material information to the team which results in bringing the perpetrators to justice, they will receive 50,000 SOUL (one Soul Master) as a reward. Please contact [email protected] if you have any information that might be of importance. If you wish, you can remain anonymous.
We ask all our valued community members and token holders to stay alert in our social channels and to notify our community admins if you notice newcomers or members with a suspicious posting history attempting to fuel tension and sow discord. Also, please be vigilant and be aware that there are many scammers trying to prey on community members by DM’ing (admins will never DM first), creating false Telegram channels and other fake social media accounts.
The vulnerability was identified within 30 minutes by analyzing the malicious transactions and has been fully remedied.
Additional external auditors and blockchain experts have been engaged and have joined the forensic analysis of the Phantasma codebase to conduct a full audit.
Phantasma aims to ensure that there are no other vulnerabilities present in the codebase, and if there are, to ensure that they are identified, evaluated, and remedied.
We aim to render the attacker powerless and prove that Phantasma and its community stand together in the face of adversity. Challenges make us stronger, and this attack is part of the battle testing that enables Phantasma to evolve and provide a hardened, secure network for the dApps and games being developed on our platform.
Neo-based SOUL
There will be a new token contract deployed on Neo, with distribution of new SOUL to token holders. This will render the attacker’s remaining funds on Neo worthless.
The team will continue to analyze transaction data on multiple chains. In the event provable connections to exchange wallets can be found, these will be supplied to law enforcement and exchanges to aid in identifying the attacker.
Phantasma has already supplied law enforcement with all current information about the attack, and will continue to do so as new evidence emerges.
Kucoin’s Suspended Accounts
We remain in close communication with Kucoin, and will proceed to retrieve any funds present in the attacker’s 17 accounts through due process.
As all centralized exchanges have complied with Phantasma’s request to suspend deposits, no more exploit tokens can reach these exchanges. Thus, there is no need to suspend trading and it will remain open.
The Attacker’s Remaining Funds
As the remaining 2,706,414 SOUL in the attacker’s wallet is landlocked on Neo with no exchange available to deposit to, there is no risk attached to these funds and they are for all intents and purposes already neutralized. Through the audit and subsequent code changes, the attacker’s remaining funds on the Phantasma mainnet will likewise be neutralized.
Binance Smart Chain and Ethereum
The migration process to new token contracts on Ethereum and Binance Smart Chain remains open, as well as trading on decentralized exchanges.
With the Phantasma nodes in read-only during code auditing and mitigation of the incident, cross-chain swaps will remain disabled.
While the recent incidents are disturbing and upsetting, every entity, whether it be a person, business or government, is vulnerable to hacks no matter how well protected. Blockchains are no exception to this. A number of blockchains with much larger market caps than Phantasma have been and will be victims of hacks. While protection is the first line of defense, the responsiveness of the team after an attack is what sets Phantasma apart. Where it took others hours and in some instances days to become aware of the attack and take action to mitigate the damage, it took the Security Response Team at Phantasma only 10 minutes to set all Phantasma network nodes to read-only mode and disable cross-chain swaps, ensuring that the attacker could not move additional funds. Although attacks are unpredictable, we take security very seriously and pride ourselves on a solid track record which should give our partners and token holders confidence that their affairs are in good hands.
We will remain transparent and communicative as the mitigation process unfolds. Rest assured that we are treating this matter with the utmost seriousness and that all necessary steps will be taken to ensure a full resolution enabling Phantasma to reach its full potential.