The mystery of the tomato theft case: how hackers use Curve and Uniswap to launder money
吴说
2020-09-30 02:05
tomatos.fi is a liquidity mining project, suspected to be from a Chinese team.

On September 25, 2020, social media reported that 10,000 DAI was stolen from tomatos.finance. The scam works by using an airdrop to induce users to call approve and grant a token allowance, after which their tokens are transferred away directly. The airdrop itself is a scam: no airdropped tokens have been received.

After checking with several security companies, as of press time, several users had their stablecoins stolen by tomatos.finance and suffered huge losses.

Wu Shuo Blockchain interviewed one of the users hit by the tomatos.finance hacker (referred to as User A) to review the whole incident:

User A visited tomatos.finance a few days before the incident and granted authorization using the imToken wallet. At around 23:00 Beijing time on September 26, 2020, after User A logged in to imToken and deposited DAI, the hacker, who had created the tomatos.finance contract, called the DAI contract. About 10 minutes passed between the DAI arriving in the wallet and its transfer to the hacker. The authorization recorded for the wallet was set to unlimited. User A lost nearly 1,350,000 DAI.

After the incident, the user found that the tomatos.finance website could not be opened and the Twitter account no longer existed, but the Telegram was still open.
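The incident reviewed above depends on a standing unlimited allowance that the victim had granted earlier. As an added example (not part of the original article), the following Python code replays ERC-20 `Approval` event logs and lists unlimited allowances that are still live and should be revoked. The addresses and log entries are constructed placeholders, and `UNLIMITED_FLOOR`, `trusted_spenders` and the function names are assumptions of this example.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # keccak256("Approval(address,address,uint256)")
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: allowances this large are effectively unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def standing_approvals(logs):
    """Replay Approval logs in chain order; return live allowances per (token, owner, spender)."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        key = (log["address"].lower(), topic_to_address(topics[1]), topic_to_address(topics[2]))
        value = int(log["data"], 16)
        if value == 0:
            state.pop(key, None)  # approve(spender, 0) revokes the allowance
        else:
            state[key] = value
    return state

def risky_approvals(logs, trusted_spenders=()):
    """Live unlimited allowances granted to spenders outside the allowlist."""
    trusted = {s.lower() for s in trusted_spenders}
    return [{"token": t, "owner": o, "spender": s, "allowance": v}
            for (t, o, s), v in standing_approvals(logs).items()
            if v >= UNLIMITED_FLOOR and s not in trusted]

# Constructed sample data: placeholder addresses, not taken from the incident.
TOKEN, OWNER = "0x" + "d1" * 20, "0x" + "aa" * 20
SPENDER_X, SPENDER_Y, SPENDER_Z = "0x" + "bb" * 20, "0x" + "cc" * 20, "0x" + "ee" * 20

def make_log(block, index, spender, value):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    make_log(105, 0, SPENDER_Z, 0),               # later revocation, listed out of order
    make_log(100, 3, SPENDER_X, MAX_UINT256),     # unlimited, never revoked
    make_log(101, 1, SPENDER_Y, 500 * 10**18),    # bounded allowance
    make_log(102, 7, SPENDER_Z, MAX_UINT256),     # unlimited, revoked at block 105
]

if __name__ == "__main__":
    for finding in risky_approvals(SAMPLE_LOGS):
        print("revoke:", finding["spender"], "on token", finding["token"])
```

Logs in this shape can be fed in from any source that returns event logs for a wallet address; revoking means sending `approve(spender, 0)` for each finding.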


Looking back at the whole process, how do hackers use DeFi to launder coins?

1. DAI is the only stablecoin that will not be blacklisted and cannot be frozen. The hacker transferred 700,000 DAI, 600,000 DAI and 5,000 DAI from User A's wallet to the address: 0x917a417D938B9F9E6ae7F9e5253FB6DE410343e3

The hash records are as follows:

0xc16a25e3745c6025363b2b607e9cb0105bab85f1cee225a52bddd4fe6dd27621

0xa8aaf959d79805e19e4aebd0ba279cb2078b35b5ec3a38bf01549651f116b512

0x5221c09d7a15fb6329f4465464e0a715bbd4bd33214606791399eefae8c53bdb

2. The hacker transferred DAI to Uniswap, converted part of the DAI into 500,358.72 USDT, and then used 494,057.53 DAI and 500,358.72 USDT to provide AMM liquidity through the Uniswap V2: DAI-USDT LP trading pair to earn fees.

3. The hacker exchanged all the stablecoins in his hands for ETH and laundered them through Tornado Cash.

After the incident, User A quickly obtained support from various parties in the industry, has already reported the case to the police, and follow-up work on profiling the hacker has been carried out. Wu Shuo Blockchain will also continue to track the progress of tomatos.fi-related events and report in detail as soon as possible.

On the 27th, the coin thieves of KuCoin also traded altcoins into ETH through Uniswap. Centralized exchanges such as Matcha and Binance have frozen some of the thieves' funds, so they turned to decentralized exchanges to trade. The next step is to mix the coins. Decentralized exchanges have no power to control such malicious behavior. Previously, there were rumors that the US SEC had launched an investigation into Uniswap. Some people believe that the role of decentralized exchanges in this hacking incident may attract regulatory attention. (Author: 21 Research; Editor: Colin Wu)
