EasyFi

EasyFi Hack — April 19–20, 2021

What Happened

EasyFi, a DeFi lending protocol on Polygon Network, suffered a hack of $80M+ on April 19–20, 2021. The hacker compromised the founder's MetaMask admin keys and drained both the EASY token treasury and protocol liquidity pools.

Stolen

• 2.98M EASY tokens (~$25 each = ~$75M)

• $6M in stablecoins (USDC, DAI, USDT) from liquidity pools

Root Cause: Compromised Admin Private Key

• Founder/CEO Ankitt Gaur's computer was compromised in a targeted remote attack

• MetaMask browser extension was modified directly on the disk to steal the mnemonic phrase

• Quote from Gaur: *"My computer was compromised, and Metamask was altered from the disk"*

• Initial speculation about a phishing attack was ruled out by the post-mortem — it was direct disk-level malware

Timeline

• ~10:40 AM UTC, April 19, 2021: Attacker initiated transactions

• Drained EASY tokens from treasury contract

• Drained stablecoin liquidity from pools

• Funds bridged to Ethereum via Ren Bridge

• Converted to 123 BTC, sent to a Bitcoin address

Impact

• EASY token price collapsed

• Protocol largely abandoned post-incident; no full recovery

• Highlighted single-point-of-failure risk of admin-key-controlled DeFi protocols

References

• https://www.coindesk.com/markets/2021/04/20/defi-protocol-easyfi-reports-hack-loss-of-over-80m-in-funds

• https://cryptobriefing.com/easyfi-hacked-over-80-million-metamask-attack/

• https://www.halborn.com/blog/post/explained-the-easyfi-hack-april-2021

• https://chainbulletin.com/easyfi-hack-was-caused-by-compromised-admin-keys