Security Update: Recent Network Incident and Actions Taken.
04 Jun 2023, 00:38
We would like to inform you of a recent security incident involving the compromise of funds from multiple wallets owned by a community member who was a large holder of DAG, LTX, and other ecosystem tokens. The attacker appears to have gained access to two wallets on the user’s machine: a Stargazer wallet and an unassociated MetaMask wallet. Large quantities of tokens were then moved through various channels to exchange them for ETH.
Here’s what we know:
⁃ As confirmed by the user, the attacker gained access to a Stargazer wallet and a MetaMask wallet installed on their personal laptop.
⁃ These wallets contained large amounts of DAG, LTX, ETH, ADS, JAM, and BIO tokens.
⁃ The apparent first action taken by the attacker was to unlock the user’s veLTX to LTX.
⁃ All ERC-20 tokens were swapped through Uniswap.
⁃ DAG was sent to Exolix in multiple large transactions in order to swap for ETH.
⁃ A large amount of DAG (~13.5M) was sent to a wallet controlled by the attacker.
Based on our initial investigation, we DO NOT believe this was an exploit in Stargazer wallet specifically, as it appears to involve access to multiple resources on a compromised machine. We also DO NOT believe this involved any exploit of the network itself. We will continue to investigate the root cause of the situation as more information becomes available.
We have been investigating available methods to mitigate this situation due to the large amount of funds involved and the degree to which the attack impacted various ecosystem projects.
We’ve taken the following actions:
⁃ Reached out to our partners at Exolix who acted quickly to stop in-progress swaps where the DAG had been sent but the swapped token had not. This will freeze approximately 8.5M DAG pending further investigation.
⁃ Created a network (Tessellation) release to lock two DAG addresses associated with the attacker which freezes an additional ~13.5M DAG pending further investigation. This was released as Tessellation v1.11.2.
Please be aware that the decision to freeze network addresses was not made lightly. We believe that this was the least invasive action available to the team to mitigate the damages from this situation. Also note that this change does not give anyone access to the wallets in question. Further decisions will need to be made together with the community on how to handle next steps with the frozen addresses.
The addresses frozen by this action are the following:
⁃ DAG0qgcEbMk8vQL6VrnbhMreNeEFXk12v1BvERCb
⁃ DAG2KQrN97LpA5gRerJAQ5mDuy6kjC2dDtMr58fe
The change can be viewed on GitHub at the following commit:
We will continue to keep the community informed about any further actions that are taken by the core team. Please remain vigilant with your security practices and do not hesitate to report any suspicious activities to the team via Telegram, Discord, or other channels.
Thank you.