We’ve been baptised - we experienced our first hack. Read on
1/12
02:30 UTC: Our team detected some suspicious activity on the main platform.
2/12
03:45 UTC: After internal investigations from our US-based colleagues, the core team was gathered together and an emergency situation room was established.
3/12
We shortly identified the issue: a malicious party was able to drain all the SOL locked in the accounts that were part of open offers.
4/12
NFTs listed for sale or auction were safe. The attacker was only able to abuse the offer flow. A total of 427 offers were drained (pertaining to a couple of hundred different users).
5/12
04:30 UTC: We temporarily disabled the ‘making’ and ‘accepting offers’ features, both at the contract level and from the UI.
5:00 UTC: We decided to lock in and purchase enough SOL in order to secure refunds for everyone affected (~1k SOL).
7/12
7:15 UTC: We refunded everybody that we identified was a victim in the attack.
8/12
We’ve already identified the issue causing this, and we will be securing our contract to eliminate this vulnerability. Until this is done, the ‘make an offer’/‘accept an offer’ flows will remain locked.
9/12
If you think you have been part of this attack, please check this file that contains details about the offers that have been affected, plus the refunding transactions which we issued (originating wallet 4rZ3GqA4bniVJB9TCaiUV8Q8suCpdkjexXmANUMT6tGX): cdn.exchange.art/refunds-5-feb-…
10/12
If you think we have missed you and you are owed a refund, please reach out to our support desk, and we will be happy to reimburse your made offer.
11/12
We take our commitment to the 1/1 artists and our community very seriously. We are making all the efforts to strengthen the fort and grow together. Thanks for your support.
12/12