Fantom Foundation, the smart contract and Dapp platform renowned for its transaction efficiency, has fallen victim to a phishing scam resulting in the loss of millions from its crypto wallets.
Blockchain security firm CertiK has reported the foundation’s losses of approximately $470,000 in Fantom and an additional $187,000 in Ethereum. The stolen assets, now totalling around $7 million, were consolidated into a wallet that CertiK identified.
Hack Impacts Fantom Foundation
The recent hack, disclosed on Tuesday, has targeted the Fantom Foundation, which oversees the development of the Fantom blockchain. This malicious event has triggered a decline in the price of the Fantom token (FTM) by 4.52%, with its value dropping from $0.1855 to $0.1771, approaching a seven-day low. It’s important to note that this breach only affects the Fantom Foundation and not the blockchain itself.
Phishing Scam and Stolen Assets
CertiK, the blockchain security firm investigating the incident, has revealed that the stolen funds from the Fantom Foundation have been consolidated into a wallet containing roughly 4,500 ETH, equivalent to approximately $7 million. The stolen assets include various tokens from Fantom, such as ETH, Tether (USDT), USD Coin (USDC), Dai stablecoin (DAI), Convex token (CVX), Fantom USD (FUSD), and others.
Fantom Foundation wallets have been drained on Ethereum and Fantom
So far we can confirm:
Fantom: Foundation Wallet 20 lost ~$470k on FTM
Fantom: Foundation Wallet 18 lost at least ~$187k on ETHWe will continue to track https://t.co/KnyqgaO4CB
— CertiK Alert (@CertiKAlert) October 17, 2023
The extent of the breach remains uncertain, with estimates suggesting that the losses could reach as much as $6.7 million. A wallet possibly belonging to a team member of the Fantom Foundation incurred a loss of $3.4 million, while several non-tagged wallets seemingly controlled by foundation team members were also affected.
Hacker’s DeFi Expertise
Blockchain sleuth Spreek, known for its pseudonymous online presence, suggests that the hacker displayed a deep understanding of the decentralized finance (DeFi) ecosystem. The breach involved unwinding complex DeFi activities, indicating the perpetrator’s familiarity with the DeFi space.
The identity of the hacker responsible for this breach remains shrouded in mystery, and neither CertiK nor the Fantom Foundation has provided immediate comment or clarification on the incident.
North Korean Lazarus Group Suspected
While the identity of the perpetrator remains unknown, recent high-profile crypto hacks have been attributed to the North Korean Lazarus Group. Notably, the Lazarus Group was implicated in the $54 million CoinEX trading platform hack in September and the $100 million Atomic wallet hack in June. Blockchain investigators at Elliptic have suggested that the group has shifted its focus from decentralized finance protocols to centralized entities using social engineering attacks.
While the Lazarus Group is a potential suspect in the $477 million FTX hack in November, Elliptic believes that Russian entities may be more likely responsible for this particular attack. The ongoing investigation into the Fantom Foundation’s breach will provide further insights into the identity and motivations of the hacker involved.
Also Read:
Stake.com’s $41 Million Heist: FBI Connects The Dots To North Korean Hacker Group Lazarus