In the aftermath of Fantom’s $550,000 hack in October, a security researcher found that the attacker could have stolen as much as $170 million.
The Fantom Foundation, a nonprofit organization developing the Fantom blockchain platform, has eliminated a significant vulnerability after a $550,000 hack in October.
On Oct. 17, the Fantom Foundation suffered a hot wallet hack, with an unknown attacker draining 1% of Fantom Foundation’s funds. The foundation subsequently stopped using some of the affected wallets, reassigning them to a Fantom employee, making it a “targeted attack.”
Following the incident, an unnamed security researcher found an additional potential risk associated with the hack and alerted the Fantom Foundation, according to a blog post on Nov. 20. The vulnerability was associated with a dormant admin token for Fantom’s ERC-20 FTM contract, which could potentially allow the attacker the ability to mint a portion of Fantom (FTM) for themselves on Ethereum.
According to the Fantom Foundation, the discovered vulnerability could have allowed the hacker to drain $170 million using the wallet access. The organization said the value of the potential loss is based on the token price at the time of the hack, “though this estimate does not consider the market’s insufficient liquidity to absorb the tokens fully.”
The Fantom Foundation said that the vulnerability was “mitigated quickly,” and the organization awarded the unnamed researcher $1.7 million in recognition of the contribution. The announcement added:
“The Fantom Foundation is dedicated to upholding the highest security standards for our platform, and we remain grateful for the security researchers who contribute to this effort.”
The Fantom Foundation did not immediately respond to Cointelegraph’s request for comment.
Related: Poloniex says hacker’s identity is confirmed, offers last bounty at $10M
Despite the Fantom Foundation losing half a million to a hack one month ago, the Fantom token has risen over the past four weeks. The token has added 82% of value since Oct. 17, trading at $0.31 at the time of writing, according to CoinGecko. The token is also up 78% over the past year, according to the data.
Launched in late 2019, the Fantom network is a blockchain protocol that enables users to build and deploy decentralized applications (DApps). The Fantom Foundation’s Opera is a permissionless blockchain compatible with the Ethereum Virtual Machine, which allows users to interact with the Fantom network on MetaMask, a leading self-custodial cryptocurrency wallet.
Fantom’s recent $550,000 hack isn’t the first attack on the Fantom Foundation or its users. In July 2023, Fantom suffered a massive multichain bridge hack, which resulted in the loss of $126 million worth of cryptocurrency. Fantom creator Andre Cronje subsequently claimed that the Fantom team was misled about the actual security level of Multichain, which ceased operations in mid-July 2023.
Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in
