Facts of the exploit:
November 12, AirDropsDAC suffered a breach on block 26,530,796 at 9:58:29 UTC. The account sym111111add managed to use the [email protected] permission to issue 1.0000 HVT HireVibes token. Following the initial issuance of HVT, the account proceeded to issue 9,524,843.0000 HVT tokens over four transactions. Additionally, the account issued itself 31,880,100 ZKS over five transactions.
The account placed the HVT tokens on newdex for sale, selling approximately 2514 EOS worth of HVT (1,222,498.3740 HVT) which they then moved to an exchange after their theft was detected and halted. HireVibes notified AirDropsDAC of the breach on November 13 at 15:30 UTC. The account that committed the theft was swiftly frozen from transferring HVT and ZKS and all [email protected] permissions were removed from the account.
After additional investigation, the ZKS token was modified to recover all stolen ZKS tokens, and a code was shared with HireVibes so they could recover the remaining 8,302,344.6260 HVT using their own active key.
Summary of the Internal Investigation of the exploiter:
There was human error on the side of AirDropsDAC, however after an internal team investigation, the thief’s account was found to be related to other known accounts. This screenshot provides an overview to the link between the accounts involved in the exploit and the accounts linked to the Eosio.SG block producer.The account that received the issued tokens was created by findexadmin1. Findexadmin1 was created by ha3donbygyge 2 months ago. Ha3donbygyge was created by eosio 5 months ago, and created the eosiosg11111 account. Listed in the “new accounts created by this account” section of the ha3donbygyge account profile, the last account is eosiosg11111. The eosiosg11111 account is tied to the top 21 block producer Eosio.SG.
Conclusion and further actions: Continue on medium.com