secondary title

#1 Event Overview

It is reported that Dego Finance was launched in September 2020, with the goal of creating a sustainable and practical NFT ecosystem, and created an NFT+DeFi platform. Some people say that in the world of DeFi, DEGO is equivalent to Lego. Treat each DeFi protocol as a brick, including stable currency (DAI), lending (Aave, Compound), decentralized exchange DEX (Uniswap and Balancer), derivatives (Synthetix), insurance (Nexus Mutual), etc. .

On February 10, the official Twitter of Dego Finance announced that it was hacked, and the Lego of the DeFi world just "collapsed"!

secondary title

#2 Event Specific Analysis

Taking the attack on the ETH chain as an example, we made a detailed analysis of the fund flow of one of the addresses of the Dego project party.

First of all, the DEGO.Finance: Deployer address where the private key of the project party was leaked is:

0x20FE4B1eD95911487499e53355BB8f14a881D735

The attacker address is:

0x118203B0f2A3ef9e749D871C8fEF5e5e55ef5C91

1 The attacker minted 592,582.35 dego tokens to the DEGO.Finance: Deployer account and the 0x118 account with the minter authority through the private key.

2 Afterwards, the liquidity of the ETH-dego trading pool will be removed.

3 The attacker obtained 269,502 dego tokens and 378 ETH by withdrawing liquidity through the DEGO.Finance: Deployer account.

4 Then transfer the 378 ETH obtained from the DEGO.Finance: Deployer account to the 0x118 address.

At the same time, the hacker transferred 441 yvWETH originally belonging to the address of the project party to the 0x118 address.

At this time, there are 750.37 ETH in profit (371.6+378.75) and 7.10 ETH transferred in from the 0x118 account, a total of 757.4.

As of now, on the Ethereum chain, the attacker transferred 441 yv WETH to Zapper.Fi: Yearn yVault Zap Out at address 0x118 and exchanged 445 ETH, obtaining a total of 1202 ETH, which was transferred to Tornado.Cash: Proxy 400 ETH . Transfer 202 ETH to the address 0x47a344588653efA88eB6D58433B6A2A5E202D65d.

On the Cronos chain, 196256.7 USDT and 199401.9 USD Coin have been obtained at address 0x118, but have not been transferred out yet.

On the BSC chain, get 3736.17 BNB, and get 9188 BNB through token exchange. 12,741 BNB were transferred to the address 0x47a344588653efA88eB6D58433B6A2A5E202D65d.

The 0x118 address on the three chains totals about $17,627,676. At present, the official said that they are investigating the cause and trying to recover the loss.

Pure dry goods sharing (1) | Basics of DEFI security issues

Further reading:

Pure dry goods sharing (1) | Basics of DEFI security issues

When DeFi becomes a "cash machine" for hackers, how can we ensure its security?