Fantom Foundation Wallets Compromised in Suspected Chrome Exploit
Fantom Foundation's wallets were reportedly compromised with a suspected Google Chrome zero-day exploit. While the breach resulted in a loss of $550K from the Foundation's funds, over 99% of their assets remain secure. The attacker demonstrated expertise in the DeFi ecosystem, with total gains estimated at $6.7 million.
Fantom Foundation announced that several of their wallets were compromised. Reports confirmed that a number of Fantom wallets were affected earlier today, which involved a loss of approximately $550K in Fantom Foundation funds. However, it's reassuring to note that over 99% of the Fantom Foundation's funds remain unaffected by this breach and are currently secure.
Initial speculations suggest a zero-day exploit in Google Chrome might be the underlying cause. Although the exact nature and mechanism of the attack are still under investigation, it's apparent that the vulnerabilities extended beyond just the Foundation's official wallets. One of the Foundation's employees had their personal wallets compromised, further solidifying the suspicion of a targeted attack against the organization and its affiliates. This particular breach emphasizes the importance of continuous cybersecurity vigilance and the potential vulnerabilities that might exist in commonly used platforms.
Spreek, a reputed crypto commentator, brought attention to the event through a series of tweets. According to the shared data, the compromised addresses included https://etherscan.io/address/0x1bffb3a232e06e06a5d9e93c8df3321f768197c2 on Ethereum and https://ftmscan.com/address/0x596288a9090c9eedf87bb5f2da5d8e1bbc7bb935 on Fantom.
However, subsequent updates from Spreek indicated that multiple other Foundation wallets were drained both on Ethereum and Fantom. Furthermore, some non-tagged wallets, believed to be personal ones belonging to team members, were also impacted.
The attacker's knowledge and skill were notably advanced. They managed to unwind complex DeFi configurations, suggesting a deep understanding of the DeFi ecosystem. The total profit accrued by the attacker is estimated at approximately $6.7 million. One of the wallets, believed to belong to a team member, incurred a significant loss of $3.4 million.
Image source: Shutterstock
