Grant Proposal: Reimburse stolen 7789 AMPL assets from 07/22/2020 Metamask hack
By: Cryptofan4180 July 24, 2020, 2:57 p.m.
I'm here to report an unfortunate hack on my AMPL tokens which were hedged across two Ethereum addresses on Metamask. All liquid assets were stolen and unable to be transferred to a secure multisig or an exchange account when the incident occurred. There was a recovery attempt I made to transfer remaining liquidity pool tokens they missed in the first transfer to a secondary address 0x9ae9eab20767eeda3714fa3efefc93b5291da614 and consolidate funds onto a Gnosis multisig, but that address was also compromised before funds could be moved to a secure solution.
I'm making a request to the Ampleforth Treasury in goodwill to reimburse the AMPL assets to an exchange account I own. I'm also fine with a reasonable vesting period placed on these funds. The attacker has left the stolen funds sitting on one address https://etherscan.io/address/0x3f7112d64a64e63936ec040c7d9a6a3636cf33a3 and the loss amount in raw asset counts in AMPL will likely become significantly larger over time. I'm not asking for any compensation of the additional rebased funds; the stolen principal of 7789 AMPL reimbursed will be enough to cover my liabilities.
Primary Suspects
1 -- I had participated in an ICO presale around 10 hours before the incident and spent .03 ETH to buy the Liquidity Dividends Protocol ICO tokens. It's possible the keys had been leaked through phishing tools on their website. They were the final signature recorded on the account before the event occurred.
2 -- An old hacker had compromised the keys and was watching the balance amounts before making collateral damages, though there were already uncirculated project assets I had reserved on a secondary account 0x9AE9Eab20767EEdA3714fa3EfEFc93b5291da614 that had been there for over a year untouched before 07/22.
Reimbursement details
I currently have an exchange account with 2FA and whitelisting on Kucoin where these assets can safely be stored as device security is reviewed and potentially the bugged laptop is replaced or reformatted. Kucoin also pays the proper rebase amounts on the tokens. Exchange address: 0x9e3e76dc978256a0306f03c34a50116c65f70474
Signatures
{
"address": "0xfaf90c017015ee7d194dd804b3c2f8fb4abf43d1",
"msg": "This is victim address 0xfaf90C017015ee7D194dD804b3C2F8fb4abf43d1 making a request to the Ampleforth Treasury. Proper reports to authorities have also been produced.",
"sig": "0x95a93774aea9119316ae9a5a580fec9919165157f65523d2387e72acf0c52c13376140ee858794ed50f8a884d44c50c2b7861668ac48cf40621ac266c52725a81b",
"version": "3",
"signer": "MEW"
}
{
"address": "0x9ae9eab20767eeda3714fa3efefc93b5291da614",
"msg": "This is victim address 0x9AE9Eab20767EEdA3714fa3EfEFc93b5291da614 making a request to the Ampleforth Treasury. Proper reports to authorities have also been produced.",
"sig": "0x16d84270eba81bdd07000768855f800e7eed4f99f03da6c24803f6432eae29273f7c0050377a2d1265d5aa35d70548b1ee963195074c9d96cc7b4e253468e9af1c",
"version": "3",
"signer": "MEW"
}
So for the record and media purposes the Treasury Fund cannot support any AML policies? Though for a small case such as this the Ampleforth Treasury is orders of magnitude solvent enough to resolve it. Your seed investor Coinbase is also required to support AML policies. Anyways an update on the hacker, the attacker has moved funds from the flagged address and sold the tokens on Uniswap, so there will be no future illicit funds leveraged into Ampleforth's protocol related to this incident.
There are also funds from Tether USDT that were mixed with the stolen proceeds from another exchange before being sent to Binance. Binance has been alerted along with authorities and a support ticket has been raised with them. Tether has AML policies coded into its contract so I'm assuming it should be possible for them to handle this matter. Anyways if the Ampleforth Treasury can resolve this matter then Binance can focus on law enforcement and there's no need for them to chase the funds trail further given the event that funds were sent to more exchanges after Binance. A community vote could also be potentially raised later on to describe future AML policies and security requirements to be eligible. Hackers are becoming more sophisticated and we're all becoming more at risk as our visibility increases on public blockchains. As there is no explicit AML policy here yet it's up to you how you consider the financial matter of this case should be resolved.
How can we be really sure you are the hacker?
@bosstanabe
The hacker has deposited the stolen proceeds on Binance and also interacted with Bittrex, they've found an account related to the incident but are unable to disclose the identity to non law-enforcement officials without a court summons.
Sufficient evidence has been provided that serious theft occurred and that a large amount of project assets were additionally stolen making it easier to see where the hacker further nested illicit funds after the address https://etherscan.io/address/0x3f7112d64a64e63936ec040c7d9a6a3636cf33a3 was flagged by Etherscan, and they deposited the stolen Ether proceeds to Binance with USDT requested from Bittrex. These actions are all verifiable on the blockchain, including myself attempting to make a Gnosis multisig on the secondary address before finding out that address had also been compromised.
https://etherscan.io/tx/0xbc3d82000507efcddddbe86a3803c35a99251efb1497183e0e464f6668c1c3d4
Hey Cryptofan, sorry for your lost funds.
Unfortunately, I don't think we can safely reimburse lost funds like this. The biggest reason is that it sets a precedent that we wouldn't be able to keep up with or verify in a sustainable manner.
Find me on twitter at @brandoniles