Same news in other sources
231 Mar 2023, 13:54
Message from Alpha regarding the entire matter.
In the meantime, we have all necessary actions to engage the expertise of a third party to assist with overseeing and manage the situation.
1/
The Deri Treasury experienced a phishing attack on one of its wallet addresses on March 29th and today, resulting in the theft of about 10 million DERI tokens. Here's the frustrating, facepalm-worthy story of what happened:
Message from Alpha regarding the entire matter.
Message from Alpha regarding the entire matter.
In the meantime, we have all necessary actions to engage the expertise of a third party to assist with overseeing and manage the situation. https://t.co/KBn5oesD4I
1/
The Deri Treasury experienced a phishing attack on one of its wallet addresses on March 29th and today, resulting in the theft of about 10 million DERI tokens. Here's the frustrating, facepalm-worthy story of what happened:
31 Mar 2023, 13:20
Message from Alpha regarding the entire matter.
In the meantime, we have all necessary actions to engage the expertise of a third party to assist with overseeing and manage the situation.
The Deri Treasury experienced a phishing attack on one of its wallet addresses on March 29th and today, resulting in the theft of about 10 million DERI tokens. Here's the frustrating, facepalm-worthy story of what happened:
I was trying to bridge some USDC from BSC to zkSync within this treasury address. Stargate seemed to support this, but I was duped by a phishing website when I googled "stargate bridge."
I should've caught on to the scam when I saw the sketchy domain name "http://stargatefinance.cn.com." But nope, I naively carried on to the "Transfer" function, which asked me to sign a message.
The signed message was actually to set an allowance for the attacker to transfer DERI from the treasury address.
MetaMask even warned me about the danger, but like a classic programmer, I ignored the warning and signed anyway. Of course, the fake "stargate website" never moved to the next step, but I still didn't realize it was a scam and just gave up transferring USDC.
After swiping my signature, the attacker transferred all DERI tokens held by the wallet on BSC and dumped them through MEXC, Pancake, and Uniswap.https://t.co/KOpZde5vjV
And then, unbelievably, the same thing happened again today (yeah, "fool me twice, shame on me"). This time, the attacker took all the DERI tokens held by the wallet on Ethereum and immediately dumped them via DEXs and CEXs.
It took me way too long to realize something wasn't right, and by the time I checked the wallet, all the DERI tokens were gone. So, here I am, feeling down and sharing this embarrassing, yet personal, lesson with you all.
Adding to our facepalm-worthy story, we want to make it clear that the phished address was just for holding DERI tokens within the treasury and had absolutely nothing to do with the Deri Protocol itself.
The protocol's security and functionality remain intact and unaffected by our misadventure. We just wanted to reassure our community that this blunder is unrelated to the protocol's security, and we promise to be extra cautious in the future to keep our assets safe.
Continuing our saga, rest assured that we're not just wallowing in self-pity after this incident. We're rolling up our sleeves and working diligently on solutions to recover the stolen funds and safeguard our assets from future attacks.
Embarrassing but unrelated to Deri Protocol's security, we've learned our lesson the hard way. Moving forward, we'll be extra vigilant. Bear with us as we bounce back, building a secure and reliable platform for our community.
Message from Alpha regarding the entire matter.
Message from Alpha regarding the entire matter. https://twitter.com/0x_Alpha/status/1641787814068240384
In the meantime, we have all necessary actions to engage the expertise of a third party to assist with overseeing and manage the situation.
The Deri Treasury experienced a phishing attack on one of its wallet addresses on March 29th and today, resulting in the theft of about 10 million DERI tokens. Here's the frustrating, facepalm-worthy story of what happened:
I was trying to bridge some USDC from BSC to zkSync within this treasury address. Stargate seemed to support this, but I was duped by a phishing website when I googled "stargate bridge."
I should've caught on to the scam when I saw the sketchy domain name "http://stargatefinance.cn.com." But nope, I naively carried on to the "Transfer" function, which asked me to sign a message.
The signed message was actually to set an allowance for the attacker to transfer DERI from the treasury address.
MetaMask even warned me about the danger, but like a classic programmer, I ignored the warning and signed anyway. Of course, the fake "stargate website" never moved to the next step, but I still didn't realize it was a scam and just gave up transferring USDC.
After swiping my signature, the attacker transferred all DERI tokens held by the wallet on BSC and dumped them through MEXC, Pancake, and Uniswap.https://t.co/KOpZde5vjV
And then, unbelievably, the same thing happened again today (yeah, "fool me twice, shame on me"). This time, the attacker took all the DERI tokens held by the wallet on Ethereum and immediately dumped them via DEXs and CEXs. https://t.co/6Qw5zzP33A
It took me way too long to realize something wasn't right, and by the time I checked the wallet, all the DERI tokens were gone. So, here I am, feeling down and sharing this embarrassing, yet personal, lesson with you all.
Adding to our facepalm-worthy story, we want to make it clear that the phished address was just for holding DERI tokens within the treasury and had absolutely nothing to do with the Deri Protocol itself.
The protocol's security and functionality remain intact and unaffected by our misadventure. We just wanted to reassure our community that this blunder is unrelated to the protocol's security, and we promise to be extra cautious in the future to keep our assets safe.
Continuing our saga, rest assured that we're not just wallowing in self-pity after this incident. We're rolling up our sleeves and working diligently on solutions to recover the stolen funds and safeguard our assets from future attacks.
Embarrassing but unrelated to Deri Protocol's security, we've learned our lesson the hard way. Moving forward, we'll be extra vigilant. Bear with us as we bounce back, building a secure and reliable platform for our community.