throwaway_help (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
May 18, 2022, 10:48:16 AM |
|
So like the title says, our project got hacked, we don't even know the attack vector, how the wallets were accessed and the funds drained, we hired a security company and we're waiting on their report and following up with legal action as soon as we have some answers and IP addresses.
For now, I - a non-technical member of the team- have a question, is there a possibility to cancel the tokens he stole without having to migrate to a new contract? He used the tokens to drain our pool on the dex we're using, so it stands to reason that any liquidity we use to repopulate the pool will be drained in a similar manner.
|
|
|
|
g-uid
Member
Offline
Activity: 259
Merit: 18
|
|
May 18, 2022, 01:46:47 PM |
|
So like the title says, our project got hacked, we don't even know the attack vector, how the wallets were accessed and the funds drained, we hired a security company and we're waiting on their report and following up with legal action as soon as we have some answers and IP addresses.
For now, I - a non-technical member of the team- have a question, is there a possibility to cancel the tokens he stole without having to migrate to a new contract? He used the tokens to drain our pool on the dex we're using, so it stands to reason that any liquidity we use to repopulate the pool will be drained in a similar manner.
depends on a number of variables. without details of the token/contract one cannot say for sure. "we don't even know the attack vector" how well do you know your team?
|
|
|
|
Bitstar_coin
|
|
May 18, 2022, 02:07:42 PM |
|
"How well do you know your team?" That's the big question and probably one of the important aspects of a hacking case. People form teams from different parts of the world with different professions so obviously, you can only know them through their online profiles (thanks to LinkedIn) but you don't actually know the motives of these People and how trusted they are. My point is, perhaps this is an inside job.
Am not a tech person but I understand that the best way is changing the smart contract address to render the stolen tokens useless or ask the dex for help by stopping trading so they can trace and block that address assuming this only trading in this dex.
|
|
|
|
throwaway_help (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
May 18, 2022, 02:29:14 PM |
|
"How well do you know your team?" That's the big question and probably one of the important aspects of a hacking case. People form teams from different parts of the world with different professions so obviously, you can only know them through their online profiles (thanks to LinkedIn) but you don't actually know the motives of these People and how trusted they are. My point is, perhaps this is an inside job.
Am not a tech person but I understand that the best way is changing the smart contract address to render the stolen tokens useless or ask the dex for help by stopping trading so they can trace and block that address assuming this only trading in this dex.
Changing the contract address at this stage would probably cost us more than the theft itself did, so we're leaving this nuclear option as a last resort.
|
|
|
|
throwaway_help (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
May 18, 2022, 02:40:48 PM |
|
So like the title says, our project got hacked, we don't even know the attack vector, how the wallets were accessed and the funds drained, we hired a security company and we're waiting on their report and following up with legal action as soon as we have some answers and IP addresses.
For now, I - a non-technical member of the team- have a question, is there a possibility to cancel the tokens he stole without having to migrate to a new contract? He used the tokens to drain our pool on the dex we're using, so it stands to reason that any liquidity we use to repopulate the pool will be drained in a similar manner.
depends on a number of variables. without details of the token/contract one cannot say for sure. "we don't even know the attack vector" how well do you know your team? Well, I know my team fairly well and can access most of the data I need, what more details would you need to know something like this? I'm merely asking about the possibility of canceling tokens associated with a certain address.
|
|
|
|
asriloni
Legendary
Offline
Activity: 3192
Merit: 1033
Leading Crypto Sports Betting & Casino Platform
|
|
May 19, 2022, 02:48:52 AM |
|
So like the title says, our project got hacked, we don't even know the attack vector, how the wallets were accessed and the funds drained, we hired a security company and we're waiting on their report and following up with legal action as soon as we have some answers and IP addresses.
Im feeling so bad with it. It seems like that hacked may have drained the whole of funds in the wallet, right? There shall be a vulnerability in the code, this may be right as your wallet can be accessed. This pretty similar thing with what happened with vulcan forged. For now, I - a non-technical member of the team- have a question, is there a possibility to cancel the tokens he stole without having to migrate to a new contract? He used the tokens to drain our pool on the dex we're using, so it stands to reason that any liquidity we use to repopulate the pool will be drained in a similar manner.
No chance for this. That's why as developers and you must also put very important function to your smartcontract to avoid this like frozen or blocking function into your smartcontract. if your smartcontract didn't contain this function and that's impossible to cancel the tokens.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
vv181
Legendary
Offline
Activity: 1932
Merit: 1273
|
|
May 19, 2022, 09:47:55 AM |
|
~ is there a possibility to cancel the tokens he stole without having to migrate to a new contract? He used the tokens to drain our pool on the dex we're using, so it stands to reason that any liquidity we use to repopulate the pool will be drained in a similar manner.
There is none. How could you expect such things is possible? especially since the attack vectors are unknown and even if it is known, the fund that have been lost has nearly zero chance to get it back. Have you heard if there is any vulnerability of another project that results in the funds can be retrieved back? I don't think so. Why exactly would you think that possible anyway.
|
|
|
|
masterrex
|
|
May 19, 2022, 10:38:19 AM |
|
Damnit this incident is very common nowadays, and this is bad the negative side of Defi hype is full of exploits coming from different angles. Anyway, I think this is a technical question that's why it's better to ask this problem to someone who has that technical expertise about smart contract functions, But I believe some of the technical people are here on this forum so just wait for other users reply.
|
|
|
|
throwaway_help (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
May 19, 2022, 11:13:37 AM |
|
Damnit this incident is very common nowadays, and this is bad the negative side of Defi hype is full of exploits coming from different angles. Anyway, I think this is a technical question that's why it's better to ask this problem to someone who has that technical expertise about smart contract functions, But I believe some of the technical people are here on this forum so just wait for other users reply.
Yes my friend, this is why I asked here, I thought this is the best place to get an informed answer.
|
|
|
|
hugeblack
Legendary
Offline
Activity: 2688
Merit: 3969
|
|
May 19, 2022, 12:00:07 PM |
|
is there a possibility to cancel the tokens he stole without having to migrate to a new contract?
If there is a line in the smart contract that allows you to freeze funds, you will be able to do it even if the funds are in wallets. Otherwise, you will need to completely change the smart contract. Generally, finding a vulnerability in a smart contract is not an easy so either your technical team has low technical knowledge or there is a possibility of an internal hack, in any case you need to study how the hack occurred to ensure that it does not happen again.
|
|
|
|
throwaway_help (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
May 19, 2022, 12:04:49 PM |
|
is there a possibility to cancel the tokens he stole without having to migrate to a new contract?
If there is a line in the smart contract that allows you to freeze funds, you will be able to do it even if the funds are in wallets. Otherwise, you will need to completely change the smart contract. Generally, finding a vulnerability in a smart contract is not an easy so either your technical team has low technical knowledge or there is a possibility of an internal hack, in any case you need to study how the hack occurred to ensure that it does not happen again. The contract was audited by a reputable company, so slim chance it has any vulnerabilities, more likely an end device was hacked, but we're still trying to determine that, also, my team doesn't have low technical knowledge, I'm just conducting my own investigation to present some solutions during our meeting.
|
|
|
|
g-uid
Member
Offline
Activity: 259
Merit: 18
|
|
May 19, 2022, 12:30:37 PM |
|
is there a possibility to cancel the tokens he stole without having to migrate to a new contract?
If there is a line in the smart contract that allows you to freeze funds, you will be able to do it even if the funds are in wallets. Otherwise, you will need to completely change the smart contract. Generally, finding a vulnerability in a smart contract is not an easy so either your technical team has low technical knowledge or there is a possibility of an internal hack, in any case you need to study how the hack occurred to ensure that it does not happen again. The contract was audited by a reputable company, so slim chance it has any vulnerabilities, more likely an end device was hacked, but we're still trying to determine that, also, my team doesn't have low technical knowledge, I'm just conducting my own investigation to present some solutions during our meeting. suggest you share the contract if you want more informed opinions
|
|
|
|
throwaway_help (OP)
Newbie
Offline
Activity: 7
Merit: 0
|
|
May 19, 2022, 12:43:12 PM |
|
is there a possibility to cancel the tokens he stole without having to migrate to a new contract?
If there is a line in the smart contract that allows you to freeze funds, you will be able to do it even if the funds are in wallets. Otherwise, you will need to completely change the smart contract. Generally, finding a vulnerability in a smart contract is not an easy so either your technical team has low technical knowledge or there is a possibility of an internal hack, in any case you need to study how the hack occurred to ensure that it does not happen again. The contract was audited by a reputable company, so slim chance it has any vulnerabilities, more likely an end device was hacked, but we're still trying to determine that, also, my team doesn't have low technical knowledge, I'm just conducting my own investigation to present some solutions during our meeting. suggest you share the contract if you want more informed opinions I would be breaking my confidentiality agreement if I did so, I can't do that until the whole thing is public.
|
|
|
|
ItsNotSean
Member
Offline
Activity: 70
Merit: 12
|
|
May 19, 2022, 03:04:01 PM |
|
The contract was audited by a reputable company, so slim chance it has any vulnerabilities, more likely an end device was hacked, but we're still trying to determine that, also, my team doesn't have low technical knowledge, I'm just conducting my own investigation to present some solutions during our meeting.
Code audits are helpful but they are by no means definitive proof of anything. More than a few projects that were audited by established and respected teams have gone on to have exploits discovered upon release. The most recent publicised one I can think of was critical exploit in MinSwap's smart contract(s) discovered by Wingriders (a competitor swap/dex on the Cardano network) once they went open source.
|
|
|
|
|