I'm here to report an unfortunate hack on my AMPL tokens which were hedged across two Ethereum addresses on Metamask. All liquid assets were stolen and unable to be transferred to a secure multisig or an exchange account when the incident occurred. There was a recovery attempt I made to transfer remaining liquidity pool tokens they missed in the first transfer to a secondary address 0x9ae9eab20767eeda3714fa3efefc93b5291da614 and consolidate funds onto a Gnosis multisig, but that address was also compromised before funds could be moved to a secure solution.

I'm making a request to the Ampleforth Treasury in goodwill to reimburse the AMPL assets to an exchange account I own, i'm also fine with a reasonable vesting period placed on these funds. The attacker has left the stolen funds sitting on one address https://etherscan.io/address/0x3f7112d64a64e63936ec040c7d9a6a3636cf33a3 and the loss amount in raw asset counts in AMPL will likely become significantly larger over time. I'm not asking for any compensation of the additional rebased funds, the stolen principal of 7789 AMPL reimbursed will be enough to cover my liabilities.

Primary Suspects

1 -- I had participated in an ICO presale around 10 hours before the incident and spent .03 ETH to buy the Liquidity Dividends Protocol ICO tokens. It's possible the keys had been leaked through phishing tools on their website. They were the final signature recorded on the account before the event occurred.

2 -- An old hacker had compromised the keys and was watching the balance amounts before making collateral damages, though there was already uncirculated project assets I had reserved on a secondary account 0x9AE9Eab20767EEdA3714fa3EfEFc93b5291da614 that had been there for over a year untouched before 07/22

Reimbursement details

I currently have an exchange account with 2FA and whitelisting on Kucoin where these assets can safely be stored as device security is reviewed and potentially the bugged laptop is replaced or reformatted. Kucoin also pays the proper rebase amounts on the tokens. Exchange address: 0x9e3e76dc978256a0306f03c34a50116c65f70474

Signatures
{
"address": "0xfaf90c017015ee7d194dd804b3c2f8fb4abf43d1",
"msg": "This is victim address 0xfaf90C017015ee7D194dD804b3C2F8fb4abf43d1 making a request to the Ampleforth Treasury. Proper reports to authorities have also been produced.",
"sig": "0x95a93774aea9119316ae9a5a580fec9919165157f65523d2387e72acf0c52c13376140ee858794ed50f8a884d44c50c2b7861668ac48cf40621ac266c52725a81b",
"version": "3",
"signer": "MEW"
}

{
"address": "0x9ae9eab20767eeda3714fa3efefc93b5291da614",
"msg": "This is victim address 0x9AE9Eab20767EEdA3714fa3EfEFc93b5291da614 making a request to the Ampleforth Treasury. Proper reports to authorities have also been produced.",
"sig": "0x16d84270eba81bdd07000768855f800e7eed4f99f03da6c24803f6432eae29273f7c0050377a2d1265d5aa35d70548b1ee963195074c9d96cc7b4e253468e9af1c",
"version": "3",
"signer": "MEW"
}