Paid Network

Date:: March 5th, 2021

Amount Stolen:: $160,000,000

Tags:: 🔑 Private Key Compromise


Details

$160M (PAID) minted and sold.

Other indicators: swift exit to Tornado; midnight UTC; inside-job speculation; CISA/FBI shilled report on Laz/crypto within a week.

PAID Network, a crypto project that utilizes an Ethereum-based token, has suffered a smart contract compromise, resulting in the minting of nearly $160 million worth of tokens by the attacker.

On March 5, 2021, the PAID Network smart contract was compromised by an attacker. By exploiting flaws in how the smart contract was secured and managed, the attacker was able to extract approximately $100 million worth of $PAID tokens, and converted about $3 million of it to Ether before being blocked by the PAID Network team.

The PAID attacker took advantage of poor private key management practices at PAID, not a vulnerability in the PAID smart contract. The network relied on a single private key to manage control over the smart contract; by compromising that private key, the attacker was able to gain control over the upgrade functionality of the contract.
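A monitoring check for the visible effect of this kind of key compromise, a privileged `mint(address _owner, uint256 _amount)` call far larger than normal issuance. This is an added example, not code from PAID Network or from the reports linked on this page. The recipient, total supply, minter allowlist, 18-decimal scaling and the function names are assumptions made for illustration.

```python
# Added example: flag suspicious mint(address,uint256) calls from raw transaction input.
MINT_SELECTOR = bytes.fromhex("40c10f19")  # first 4 bytes of keccak256("mint(address,uint256)")

def encode_mint(recipient, raw_amount):
    """ABI-encode mint calldata; used here only to build the constructed sample."""
    words = bytes(12) + bytes.fromhex(recipient[2:]) + raw_amount.to_bytes(32, "big")
    return "0x" + (MINT_SELECTOR + words).hex()

def decode_mint(calldata_hex):
    """Return (recipient, raw_amount) for a well-formed mint call, else None."""
    try:
        data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    except ValueError:
        return None
    if len(data) != 68 or data[:4] != MINT_SELECTOR or any(data[4:16]):
        return None  # wrong function, wrong length, or dirty address padding
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def review_mint(tx, total_supply_raw, allowed_minters, max_percent=1):
    """Return finding codes for one transaction dict with 'from' and 'input' keys."""
    decoded = decode_mint(tx["input"])
    if decoded is None:
        return []
    _, raw_amount = decoded
    findings = []
    if tx["from"].lower() not in allowed_minters:
        findings.append("UNLISTED_CALLER")
    if raw_amount * 100 > total_supply_raw * max_percent:
        findings.append("OVERSIZED_MINT")
    return findings

# Sender of the mint transaction recorded on this page.
SENDER = "0x18738290af1aaf96f0acfa945c9c31ab21cd65be"
# Constructed values: recipient, supply, allowlist and 18-decimal scaling are assumptions.
SAMPLE_TX = {"from": SENDER,
             "input": encode_mint("0x" + "11" * 20, 59_471_745_571 * 10**15)}
SUPPLY_RAW = 100_000_000 * 10**18
ALLOWED_MINTERS = {"0x" + "aa" * 20}

if __name__ == "__main__":
    print(review_mint(SAMPLE_TX, SUPPLY_RAW, ALLOWED_MINTERS))
```

A check like this only sees the mint after it lands; it does not replace removing single-key control over the upgrade path.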

On-Chain

0x18738290af1aaf96f0acfa945c9c31ab21cd65be

A Reasonably Good Demix by @aUselessChris

  1. So this chapter wasn't on the map when we started out, but in the light of recent discussions in #TheFUDpit I felt this was needed to clear some things up. Let's have a look at the $GPOOL community's original $ARC(h) villain Alex Hong.

  2. So the bad stuff here took place on February 4th. The creator wallet of the $DEPO MasterChef contract called the Emergency Reward Withdrawal function on the $BTC, $USDC & $USDT staking contracts, resulting in a claim of 13.4 million $DEPO that were instantly dumped on @Uniswap

  3. This was followed by the creation of Dummy tokens that somehow were used to withdraw an additional 16 million $DEPO from the single sided staking rewards. Don't ask me how, it just happened. Over the following 10 days, another 180k tokens were withdrawn from these pools.

  4. In total, the dumped $DEPO tokens caused a massive dip in the charts and gave the hacker a neat bag of just over 580 $ETH or more than $1.7 million at the time. The funds were transferred to a secondary wallet and sent to @TornadoCash in batches of 5x100, 7x10 and 8x1 $ETH

  5. As seen on the @AppBreadcrumbs chart below, this was sadly where the trace ended. The @DeFi_ARC team informed the community that former CTO Alex Hong had been reported to the authorities as the man responsible for the hack.

  6. So is this story true? Or was Alex Hong just a pawn doing the bidding of @TheGlitchFather all this time? Or is Alex Hong in reality just another secret identity of @theonlyfox83 ? (You know, like @sigwo apparently is.) Yes, all of this has been actual speculations.

  7. To answer the first question. No. Alex Hong did get hired by $DEPO to a recruiting firm on Bali via @RobyWeir_Stak . There are a lot of shady developers in crypto space, and there is absolutely nothing suggesting Roby or Sean have any involvement in what happened.

  8. If you consider this logically. Both having big bags of $DEPO had little to gain from the project being compromised. Especially @TheGlitchFather who had held his seed tokens mentioned in the previous chapter would have been much better off by continued momentum.

  9. Regarding @theonlyfox83 I'm afraid the answer is also negative. George, Steven and Alex are all different individuals. One of them you can even find on @GoogleStreetV if you do your due diligence. Looking at the pictures below, most people will be able to separate the three.

  10. Alex has a long history of displeased employers, and he seems to struggle with keeping a position for an extended period of time. It's almost like these projects frown upon being robbed by their employees.

  11. So I guess that's all for today. It's very sad we never had the possibility to get deeper on this due to the smooth and mistake free way Alex went about to execute his master plan.

  12. Just kidding, of course there's more to this. Alex actually has his own Twitter account, @ivanche90705289 . Perhaps there are clues to be found?

  13. It would appear like Mr. Hong posted faucet requests for his testnet wallets. 3 of them actually. One of these wallets actually deployed the testnet edition of $Depo MasterChef.

Quote Alex @ivanche90705289 Dec 10, 2021 0x8491B3921DCB0dF0F9D530937E03280fbC14B225

  14. But does this even matter? Surely a skilled con artist that had the mind to push the funds through @TornadoCash would not use wallets posted in public to retrieve those funds? Let's see what we get by pushing Faucet request 2 through @AppBreadcrumbs

  15. All of a sudden we have located the exit point for 9 out of the 20 $ETH transactions. A little bit of extra poking around and we find 4 more, meaning we have now accounted for 472 of the 578 missing $ETH and we have found Alex' Gate deposit.

  16. Once the funds were at Gate, Alex started exchanging them for stables and sent them out the other side. He did however re-use a wallet from the $ETH transfers, and without isolating the funds it's easy for us to get back on track.

  17. Looking at the flow of stables, we locate Alex OKX and Binance deposits, for some reason the Binance refuse to show up in this chart though.

  18. The charts posted here are extremely simplified just to show the routing of the main funds. Alex used hundreds of wallets to cover his tracks and jumped between several exchanges. Most likely the 106 $ETH I have yet to locate initially ended up at Kucoin and/or Kraken

  19. Anyone willing to look deeper might find more deposits, if so - feel free to reach out and I will add it to the @AppBreadcrumbs project. What we currently have could be enough to move this forward though.

  20. Alex Hong is a real person and has left us years of traces on chain, but it seems likely that this might not be his real identity. The traffic he pushed through these exchanges would require a KYC though. Unless he has faked them, this would be the key to finding him.

  21. Before ending this thread, some messages will follow in the posts below. @AppBreadcrumbs project link: https://breadcrumbs.app/reports/2698

  22. @TJDeFi and @theonlyfox83 Please update your @FBI report with the information in this thread to see if that could give them a push.

OKX deposit: 0x11C23ac03B32823B186CcB00cE351bc36b1D7453

Gate deposit: 0x7B101015f126f0fFd973f191EfB221ed548ED90B

Binance deposit: 0x97B1043ABD9E6FC31681635166d430a458D14F9C

FTX deposit: 0xbec1b7dAFa723a19eD6c44A21B436d95d5869a91

Kraken outbound txn: 0xa398eac176707a75775b6eac7f1bb91988f26d0c38f7bb7b5966ab5abb085c69 0x81df2fcc8a0e45df9c003fa51c5523489783bc72ddfcb9933e4327eafa3e5758

ChainAbuse report: https://chainabuse.com/report/fd685c77-cf02-4e77-b942-2d261b95e756

Paid Network Theft Transaction: Mint 59,471,745.571 PAID Tokens

From:: 0x18738290af1aaf96f0acfa945c9c31ab21cd65be

To:: 0x8c8687fc965593dfb2f0b4eaefd55e9d8df348df (PAID Network: Old Contract)

Txn:: 0x4bb10927ea7afc2336033574b74ebd6f73ef35ac0db1bb96229627c9d77555a0

Day:: Friday

Date:: March 5th, 2021

Time:: 06:03 PM +UTC

Function:: mint(address _owner, uint256 _amount)

URLs

  • https://paidnetwork.medium.com/paid-network-attack-postmortem-march-7-2021-9e4c0fef0e07
  • https://slowmist.medium.com/slow-mist-analysis-of-paid-networks-hacked-event-b13a44415131
  • https://rekt.news/paid-rekt/
  • https://quadrigainitiative.com/casestudy/paidnetworkhack.php
  • https://web3rekt.com/hacksandscams/paid-network-382
  • https://theblockcrypto.com/linked/97411/paid-network-token-minting-exploit-eth
  • https://twitter.com/paid_network/status/1368424463147003912

Related / TODO

Former Depo CTO Alex Hong drained the rewards for 4 staking pools on Feb. 4th 2022, a total of 29.5 million tokens. These were dumped on Uniswap for ETH and sent to tornado.cash 578 ETH

on Aug 16, 2022 UselessChris

Reported Addresses


https://chainabuse.com/report/fd685c77-cf02-4e77-b942-2d261b95e756