EasyFi Hacked for $81 Million

Summary

On April 19, 2021, a hacker stole $81 million worth of cryptocurrency from EasyFi, a decentralized finance platform. The hacker introduced a malicious version of MetaMask into the computer and stole the private key.

Attackers

The identity of the hackers who attacked EasyFi is unknown.

Hacker ETH Wallet:

• 0x83a2EB63B6Cc296529468Afa85DbDe4A469d8B37

Losses

EasyFi estimated the losses from the hack to be $81 million. The stolen assets included:

• 2.98 million EASY
• $6 million in USDT and DAI

Timeline

• April 19, 2021, 10:26:19 AM +UTC: Hacker conducts the malicious transaction.
• April 20, 2021: EasyFi published exploit Post-Mortem, announced $1 million reward for refund and not to undertake any legal proceedings regarding this incident.
• April 29, 2021 08:05:40 PM +UTC: EasyFi has conducted a hard fork, and created a new token contract in an effort to compensate users affected by the hack.

Security Failure Causes

• Injection Vulnerability Exploitation: The attacker injected a malicious version of MetaMask, showcasing a severe injection vulnerability which allowed unauthorized access to mnemonic/private keys to execute unauthorized transactions.
• Insufficient Access Controls: The machine compromised was dedicated to official transfers but was successfully accessed by the attacker, indicating inadequate access control measures.
• Delayed Incident Response: The machine’s offline status at the time of attack delayed the response, enabling the attacker to drain substantial assets from the protocol, reflecting a need for enhanced incident detection and response strategies.