- Fantom Foundation experiences a security lapse, with hackers exploiting a Google Chrome vulnerability leading to a loss of roughly $657,000.
- Over 35 wallets across the Fantom and Ethereum networks were affected, but the foundation’s primary assets in cold wallets remained secure.
Hackers Exploit Chrome Flaw, Impacting Fantom Operations
Recent times have seen the blockchain domain undergo bouts of turbulence, and the Fantom Foundation is the latest entity caught in the storm. The foundation has been hit with a significant security breach, brought about by hackers harnessing a zero-day vulnerability present in the widely used Google Chrome browser. The consequences of this exploitation were immediate and severe: an unauthorized fund transfer to the tune of approximately $657,000.
With over 35 wallets across the interconnected Fantom and Ethereum networks losing their funds, the incident escalates concerns about blockchain security.
Word about this breach initially trickled down from the foundation’s internal community discussions, predominantly on the messaging platform, Telegram. Users of the foundation were at the forefront, alerting the community about the unsettling financial discrepancies they observed. Amidst this mayhem, a silver lining did emerge; the foundation’s primary assets, which were securely held in cold wallets (offline storage mediums impervious to online hacking attempts), remained untouched, providing a semblance of reassurance in these trying times.
The official watchdog of blockchain security, CertiK, took it upon itself to authenticate the breach. While their estimation of the compromised amount mirrored the reports from the community, the real concern isn’t merely the monetary loss but the manner in which it occurred. Tracking blockchain activities yielded insights into the hackers’ tactics. Under the moniker “Fake_Phishing188024”, the attackers siphoned off diverse cryptocurrencies directly from the foundation’s wallets.
A darker revelation came to the fore when data unveiled another unsanctioned transaction. More than a million Fantom tokens made their way from the foundation’s Wallet 20 to an account associated with the label “Fake_Phishing32” on the Fantom network. Such transfers, in the blockchain vernacular, are indicative of a private key theft – a breach that exposes the fundamental security framework of a blockchain entity.
Unfortunately, this intrusion isn’t an isolated episode. The digital realm, especially platforms associated with blockchain and decentralized finance (DeFi), are grappling with heightened security threats. To cite recent examples, TrueUSD faced its security ordeal when third-party vendor vulnerabilities laid bare sensitive user data.
Similarly, the Web3 platform Galxe encountered a DNS-based attack, leading to monetary damages nearing the $500,000 mark. These incidents serve as stark reminders of the ever-evolving challenges and adversarial advances in the digital space.