April 9, 2021 - EasyFi, a DeFi Polygon Network-powered protocol: $81 million stolen

Cordalo simplify writing Corda applications.

On April 19, 2021, EasyFi, a DeFi Polygon Network-powered protocol, was the victim of a hack.  The attacker was able to extract 2.98 million EASY tokens and $6 million in USD, DAI, and USDT for a total value of about $81 million.

How the attack was carried:

By stealing the private keys to EasyFi’s MetaMask admin account, hackers were able to extract $6 million in USD, DAI, and USDT, plus 2.98 million EASY tokens, all of which amounted to around $81 million. The machine that was compromised to gain the keys was offline most of the time, only being switched on to perform official transfers for the project. When the attack was carried out, the machine had been offline for more than a week. And because it wasn’t actively used when the attack was carried out, this delayed the platform’s response and allowed the hacker to drain the assets from the protocol.

Solution

Dedicated notebook but with a hardware to avoid private key being copied