The social token platform Roll suffered a hot wallet break that resulted in hackers consuming at least 3,000 ETH worth $ 5.7 million on March 15.
At around 8 a.m. UTC, the digital asset management platform MyCrypto reported that a hacker may have compromised the private keys for Rolls Hot Wallet, allowing them to transfer funds from users’ accounts at will.
After about 12 hours, Roll responded to the attack, announcing that the hacker had stolen and liquidated a large number of tokens and that the withdrawals were suspended on the platform:
“The attacker sold all of the tokens. No further user action is suggested. ”
Roll added that a $ 500,000 fund was set up to “help the creators and their communities” affected by the incident.
The attacker stole 11 different social tokens, including $ WHALE, $ RARE, and $ PICA. The stolen funds were then transferred to Tornado Cash, a privacy tool often used by hackers to launder stolen funds. The hacker then exchanged the tokens for ether on the popular decentralized exchange Uniswap.
The markets for the tokens stolen in breach began to decline within a few hours of the attack, quickly accumulating losses of more than 90%. The hardest hit companies included $ PICA, $ WHALE and $ FWB, which fell 99.6%, 99.3% and 92.35%, respectively.
As a result of the attack, the market cap of social tokens on the platform dropped from $ 1.5 billion as of March 12 to $ 365 million at the time of this writing.
With only 2.17% of the offering compromised, $ WHALE was one of the few tokens that quickly rebounded and was trading above $ 30 at the time of writing.
A social token is an ERC-20 token that users can create on platforms like Roll to connect with their community or sell assets.
Roll’s response to the breach has generated mixed reactions on Twitter, with particular attention being paid to the $ 500,000 fund.
$ 500,000 fund?
I am a creator and our community just lost EVERYTHING.
The $ PICA just went to 0 …
I lost my salary for months
As smaller creative communities, we just expect more than that. We hope for a full refund. The trust there is seriously damaged in both cases
– Maxime Hacquard (@HacquardMaxime) March 14, 2021
Twitter user LoB added: “There was $ 10 million in a hot wallet without the multisig you promised, 12 hours to respond to the incident, and $ 500,000 to work on a dozen projects to be split up? Yikes “