Lympo

Lympo NFT Platform Hack - January 2022

The Hack

Lympo, an Animoca Brands subsidiary, suffered a hot wallet security breach and lost 165.2 million LMT tokens worth $18.7 million at the time of the hack. On Monday January 10, 2022, hackers managed to gain access to Lympo's operational hot wallet and stole approximately 165.2 million LMT, with 10 different project wallets compromised in the attack.

Technical Root Cause

The attackers compromised Lympo's hot wallet — operational wallets used to facilitate routine transactions. The breach affected 10 of Lympo's project wallets simultaneously, suggesting the compromise of private keys/access credentials shared across these wallets.

Attack Flow / Movement of Stolen Funds

• Attackers drained 165.2 million LMT tokens from 10 hot wallets

• Most stolen tokens were consolidated to a single attacker address

• Tokens were then swapped for ETH on Uniswap and SushiSwap

• ETH proceeds were sent elsewhere to obscure the trail

Financial Impact

• Total loss: ~165.2 million LMT (~$18.7m at time of hack)

• LMT price tumbled 92% to $0.0093 after the dump

• 10 project wallets compromised

Response and Recovery

• The Lympo team urged traders not to buy or sell any LMT tokens while investigating

• Animoca CEO Yat Siu told Cointelegraph: "We are working with Lympo to assist them on a recovery plan, but we don't have any specific mechanisms."

Sources

• Animoca Brands' Lympo NFT platform hacked for $18.7 million - Cointelegraph

• Lympo NFT platform hacked with $18.7 million stolen - NFT News Today

• Another Hack Faced By Lympo, Lost 165.2 Million LMT Tokens - DataBreaches.Net

• Hackers steal $18.7 million from Animoca Brands' sports NFT platform - CyberNews