Nightmare on FTM Street - Incident Analysis
What Happened
Over $7 million was drained from multiple Fantom Foundation-associated wallets on October 17, 2023. The Foundation subsequently acknowledged a $550,000 loss, though the broader theft affected an employee's accounts. The incident involved multiple chains and raised questions about wallet security practices.
Technical Root Cause
The exact attack vector remains undisclosed, but community analysts suggest "a compromised password manager, potentially LastPass" as the likely cause rather than the initially claimed zero-day exploit.
Attack Vector/Exploit Steps
1. Initial compromise: Attacker(s) gained access to wallet credentials across multiple chains
2. Coordinated draining: Starting just before 4am UTC on October 18, at least 12 addresses were drained simultaneously across five blockchains
3. Cross-chain movement: Funds were consolidated across ETH, FTM, OP, BSC, and AVAX networks
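The pattern in steps 2 and 3 (many wallets emptied within minutes across several chains) can be flagged by correlating outbound transfers from monitored wallets in a sliding time window. The following is an added defensive example, not code from the article or the Foundation; the wallet labels, destinations, sample transfers and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not real chain records): (UTC time, chain, source wallet, destination)
SAMPLE_TRANSFERS = [
    ("2023-10-17T11:05:00", "FTM", "w1", "payroll"),    # routine single payment
    ("2023-10-18T03:52:10", "ETH", "w1", "x1"),
    ("2023-10-18T03:53:40", "FTM", "w2", "x1"),
    ("2023-10-18T03:55:02", "BSC", "w3", "x2"),
    ("2023-10-18T03:56:30", "AVAX", "w4", "x1"),
    ("2023-10-18T03:57:00", "OP", "other", "x1"),       # not a monitored wallet
    ("2023-10-18T09:00:00", "ETH", "w2", "exchange"),   # isolated later transfer
]
MONITORED = {"w1", "w2", "w3", "w4"}  # hypothetical labels for wallets under watch


def find_coordinated_drains(transfers, monitored,
                            window=timedelta(minutes=30),
                            min_wallets=3, min_chains=2):
    """Alert when >= min_wallets monitored wallets on >= min_chains chains
    send funds out within one time window (thresholds are assumptions)."""
    events = sorted(
        (datetime.fromisoformat(ts), chain, src, dst)
        for ts, chain, src, dst in transfers
        if src in monitored
    )
    alerts, i = [], 0
    while i < len(events):
        # Gather every event that falls within `window` of events[i].
        j = i
        while j < len(events) and events[j][0] - events[i][0] <= window:
            j += 1
        cluster = events[i:j]
        wallets = sorted({e[2] for e in cluster})
        chains = sorted({e[1] for e in cluster})
        if len(wallets) >= min_wallets and len(chains) >= min_chains:
            alerts.append({
                "start": cluster[0][0], "end": cluster[-1][0],
                "wallets": wallets, "chains": chains,
                "destinations": sorted({e[3] for e in cluster}),
            })
            i = j  # continue after the flagged cluster
        else:
            i += 1
    return alerts


if __name__ == "__main__":
    for alert in find_coordinated_drains(SAMPLE_TRANSFERS, MONITORED):
        print(alert)
```

A small set of shared destinations in an alert, as in the consolidation described in step 3, is a further signal worth surfacing to responders.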
Financial Impact
• Total theft: $7.5 million across all affected addresses
• Foundation's acknowledged loss: $550,000
• Attacker consolidation address (ETH): Holds 4,500 ETH ($7.1 million)
Attacker Addresses
Primary addresses:
• 0x1d93c73d575b81a59ff55958afc38a2344e4f878
• 0x2f4f1d2c5944dba74e107d1e8e90e7c1475f4001
• 0xdadc0421ee1b5426fca3db22f0a94a3bad5a329d
Consolidation address (ETH):
• 0x0b1f29df74a19c44745862ab018d925501fe9596
Remediation
No specific remediation measures were detailed in the article. The Foundation acknowledged the incident but provided limited forward-looking security improvements beyond the initial incident response.